GDPR – 5 steps to take today

Wondering what all the GDPR fuss is about?  There is plenty of information out there – so here is our attempt to make it simple.  Here are the practical steps that you need to be taking today in order to be ready for the new regime in May.


1. Review your contracts of employment  

You probably have a standard contract of employment that contains a consent clause.  After 25th May, you won’t be able to rely on this clause.  Instead you will need to review your contract template and include a privacy notice which makes explicit what personal data you are collecting, why you need, what you’re going to do with it and how long you’re going to keep it. More on this below.


2. Train your people

You need to ensure that your employees know about the GDPR.  This is especially important for those who have data processing as part of their jobs.  They need to be aware of the changes and how they need to act differently after the new regulations come into force.  You also need to make sure your people are aware of the rules around reporting data breaches to the relevant authority within 72 hours. You may also need to inform the subject of the data breach in certain circumstances. So you can see why it’s important that your people understand this.


3. Issue a privacy notice and make it publicly available

As mentioned in point 1, this is an essential step for both employees and job applicants alike. Resist the temptation to make it one of those 94-page terms and conditions documents that we all mindlessly agree to for all kinds of internet services these days: the regulations are very clear that notices must be easily accessible and easy to understand, as well as free of charge. The ICO has helpful guidelines around privacy notices on their website here: 


4. Audit – and conduct and initial risk assessment

The precise details of this audit will depend on your business and what you do, however there are common principles.  For example, start by ensuring that you are only collecting the minimum amount of personal information that you need for your business.  Check all of your data storage: both physical and digital. Are they safe? Where are your biggest risks of data loss? Do you still need to keep data that way or can you change your processes? How do you get consent from your data subjects? Will it be sufficient for the GDPR? What Data Protection Impact Assessments do you need to carry out? Again, the ICO website has some helpful self-assessment tools to help you here.


5. Review the personal data you are currently holding – and have a big clear out

It is time to clear out the clutter!  Do you need it full stop?  If you do, do you need it stored in the same format? For example, could you scan physical data and store it electronically (more securely). Does your business rely on paperwork being taken off site? This could make it all the more important to move to digital storage.  Digital devices can be password protected, but once lost, pieces of paper cannot be secured.


Finally, review your HR policies and procedures.  This will include those that specifically reference data protection but will include others too that reference the processing of data such as your sickness absence and recruitment policies. And if you need any help with this – well, this is what we do.  We can help you review your existing policies, and we can provide up to date, GDPR compliant policies on data protection.  Contact us for more information on how we can help you further.

Time for a menopause policy?

We spend a lot of time doing policy work for our clients. A little while ago the question arose…. Should we have a policy on the menopause at work?


My immediate response, fuelled by a general dislike of having a policy for absolutely everything, was…. no. Why would we need one?


And then I educated myself a little bit more.


It’s an area that is getting increasing focus from government, trade unions and organisations. You can find a recent publication here.


Here is what I now know:

  • Women are working later in life than they did in the past.
  • If we take the typical age that women experience the menopause, over 4m could be working through this life transition in the UK.
  • For some women, the symptoms can be severe and debilitating. There’s various research, but around 10-15% of women experience very severe symptoms.
  • Symptoms vary – but many can impact upon work either practically or in terms of confidence.
  • At the same time, for many women, it’s hard to talk about their menopause in the workplace – especially to male and/or younger managers.
  • Some women find coping strategies. Others opt to hide their symptoms.
  • Women are concerned about how they will be perceived if they talk about it. Some research points to discrimination and inappropriate comments and banter (otherwise known has harassment) about the menopause.
  • More research pointed to the increased likelihood of negative reactions in male-dominated environments – making women even less likely to speak out.


We’ve seen the matter of the menopause in the employment tribunal too. The leading case involves a women being dismissed for performance, which she alleged was as a result of her menopause and associated health conditions. The dismissing (male) manager made no attempt to verify this with Occupational Health, and instead based his decision on the (non-severe) menopause experiences of his wife and HR advisor……. I’ll just leave that there.


On my commute today I saw a poll on Twitter, asking if women should get ‘menopause leave’. The evidence is clear that menopause is an experience that differs significantly from woman to woman. So a one stop shop piece of legislation or ‘right to request time off’ isn’t the answer.


Small changes are sometimes all that is needed. If you provide uniform, making sure it’s made of natural fibres, or providing more than normal so that women can change at work. Small adjustments to working hours or breaks for women who are experiencing sleep problems or fatigue. Ventilation, fans and access to cold drinking water or changing facilities.


Above all, like with most people stuff, it is about dialogue. Creating the conditions where conversations are safe, people feel like they can raise the difficult stuff and reach out for the support that they really need.


So, maybe it is time for a menopause policy – or at least some guidance to help employees and managers alike. We have recently written our first documents for clients – so if you need any help with thinking about how your approach the menopause where you work…. get in touch!