GDPR: Staff & Volunteers
GDPR: What is it?
You will perhaps be aware of GDPR from your place of work or the media or through communications you are receiving from commercial or other charitable organisations about your personal data and preferences for being contacted.
The Information Commissioner’s Office (ICO) have given organisations the date of 25 May 2018 to be compliant with the updated General Data Protection Regulations (GDPR). Wirral Hospice St John’s has always and will continue to take Data Protection extremely seriously.
Staff and Volunteers:
In order to comply with its contractual, statutory, and management obligations and responsibilities, Wirral Hospice is required to process personal data relating to its employees, including ‘special categories of personal data’, as defined in the General Data Protection Regulations 2018 (the “Act”).
All such data will be processed in accordance with the provisions of the Act and the relevant hospice’s Policies. For the purposes of the Act, the term ‘processing’ includes the initial collection of personal data, the holding and use of such data, as well as access and disclosure, through to final destruction.
In certain circumstances, the provisions of the Act permit the hospice to process an employee’s personal data, and in certain circumstances sensitive personal data, without their explicit consent.
Further information on what data is collected and the purposes for which it is processed is given below.
The hospice’s contractual responsibilities include those arising from the contract of employment or volunteer agreement. The data processed to meet contractual responsibilities includes, data relating to: payroll; bank account; postal address; sick pay; leave; maternity pay; and pension and emergency contacts.
The hospice’s statutory responsibilities are those imposed on the hospice by legislation. The data processed to meet statutory responsibilities includes: national insurance; statutory sick pay; statutory maternity pay and equal opportunities monitoring.
The hospice’s management responsibilities are those necessary for the day to day functioning of the hospice. The data processed to meet management responsibilities includes; recruitment and employment; absence; disciplinary matters; health and safety; hospice-operated CCTV; email address and telephone number and swipe cards.
Special Categories of personal data
The Act defines ‘special Categories of personal data’ as data relating to racial or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data and biometric data, health; sex life or sexual orientation. In certain limited circumstances, the Act permits the Hospice to collect and process such data without requiring the explicit consent of the employee.
– The hospice will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and consent.
– Save in exceptional circumstances, the hospice will process data about an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding the hospice’s equal opportunities policies and related provisions.
– Data about an employee’s criminal convictions will be held as necessary.
– Your personal information may be stored in different places, including your personnel file, HR and eLearning systems.
Disclosure of personal data to other bodies
In order to perform its contractual and management responsibilities, the hospice may, from time to time, need to share an employee’s personal data with one or more other organisations. In such cases, those organisations will be required to process the data in accordance with the provisions of the Act.
For the performance of the employment contract, the hospice is required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil its statutory responsibilities, the hospice is required to provide some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Some information about staff is sent in coded and anonymised form to the Office of National Statistics.
The Hospice may display an employee’s email address and telephone number in communication literature. Furthermore some personal employee information may, with the prior approval of the employee, be displayed on the Hospice website which is accessible to internet users, including those in countries outside the European Union (EU).
Employees should be aware that many countries outside the EU do not have data protection legislation, or have different data protection/privacy regimes, and so may not always protect their personal data to the same standard as within the EU.
Requests to have personal information, email address and/or telephone number omitted from communication literature should be addressed to the hospice’s Data Controller and will need to be approved by their Head of Department.
Keeping personal data up-to-date
The Act requires the hospice to take reasonable steps to ensure that any personal data it processes is accurate and up-to-date. It is the responsibility of the individual employee to inform the Hospice of any changes to the personal data that they have supplied to it during the course of their employment.
The right of access:
You will have the right to access any personal information we hold about you at the hospice, free of charge. You can ask for this by completing Subject Access Request (SAR) and we will respond within one month.
Under the Act, it is possible for individuals to request access to any of their personal data held by the hospice, subject to certain restrictions. A request for disclosure of such information is called a Subject Access Request (SAR) and should be addressed FAO:
Wirral Hospice St John’s Data Controller
Wirral CH63 6JE
Or please email email@example.com
This page was last updated 24.05.18