Madison has experience dealing with both contentious and non-contentious employment law matters. Madison advises a range of employers across various sectors on all aspects of employment law. Madison’s practice area includes advisory work and corporate transactions.
Stay ahead of the curve with our exclusive Q&A series, brought to you by leading law firm, Arthur Cox, LLP, designed to answer your most pressing legal questions. These expert insights provide clear guidance to ensure your HR practices remain compliant and protect your organisation.
This month's question:
What duties and expectations are placed on employers who process criminal offence data?
The processing of personal data that relates to criminal convictions and offences is tightly regulated by the UK GDPR and Data Protection Act 2018. Article 10 of the UK GDPR states that the processing of data relating to criminal offences may only be carried out under the control of an official authority or authorised by domestic law or relevant international law. For example, employers will be aware that AccessNI provides criminal record checks for particular jobs.
If the criminal offence data is to be processed by an employer, they must be aware of the stringent restrictions surrounding the processing of the data because criminal offence data is personal data relating to criminal convictions and offences which is particularly sensitive and has special protection under UK data protection law. Processing must only be carried out if it meets a condition contained within Part 1-3 of Schedule 1 of the Data Protection Act 2018 such as conditions relating to employment, health and research or substantial public interest conditions.
It should be noted that some of the conditions outlined in Schedule 1 may require an employer to have an appropriate policy document in place to allow the processing to take place and explain the retention and erasure of personal data.
In addition to relying on a condition within Schedule 1 of the Data Protection Act 2018, Employers must also demonstrate the usual lawful basis to process criminal offence data (as per Article 6 of the UK GDPR), similarly when processing other special category data. Examples of lawful basis includes legitimate interests or necessary for compliance with a legal obligation.
Employers should also be prepared to carry out a data protection impact assessment, particularly as the ICO has noted that the processing criminal offence data is likely to be high risk. Employers should seek specific legal advice in relation to criminal offence data.
This article was provided by Madison Bowyer, an Associate in the Employment Law Group at Arthur Cox NI.
T:+44 28 9026 5886
E: Madison.bowyer@arthurcox.com
https://www.arthurcox.com/
Continue reading
We help hundreds of people like you understand how the latest changes in employment law impact your business.
Please log in to view the full article.
What you'll get:
- Help understand the ramifications of each important case from NI, GB and Europe
- Ensure your organisation's policies and procedures are fully compliant with NI law
- 24/7 access to all the content in the Legal Island Vault for research case law and HR issues
- Receive free preliminary advice on workplace issues from the employment team
Already a subscriber? Log in now or start a free trial
