Data protection and GDPR New data protection legislation puts greater obligations on businesses in relation to their processing, retention and transfer of personal data, particularly sensitive personal data (for example, data about an individuals' health or financial circumstances). The GDPR (General Data Protection Regulation) is significantly more prescriptive than previous data protection law and imposes strict penalties for non-compliance. Regardless of size, all businesses need to comply with the GDPR.

Key steps to ensure compliance with the GDPR are as follows:

 make sure you and other key people in your business understand your obligations under the GDPR

 review what personal data you hold and who you share it with

 review current privacy notices and consider any further documentation you need to put in place

 identify the lawful basis for your processing activity in the GDPR

 designate someone in your business to take responsibility for data protection compliance.

Monitoring employees

You can lawfully monitor what your employees are doing at work in certain circumstances. Having appropriate systems and safeguards in place are an important consideration for any business. These could include a range of measures, from CCTV to remote computer monitoring, to accessing employees' work email accounts.

However, in order to comply with the law, you will need to be able to justify your reasons for monitoring and for processing personal data by reference to, for example:

 legitimate business interests, or  legal obligations to maintain the security of the employee data.

We recommend that you seek legal advice before carrying out employee monitoring.

Protecting intellectual property

IP created in the course of an employee’s normal employment duties automatically belongs to your

business. However, where an employee creates IP outside of their normal duties, or has created IP before they joined you, it may not be owned by your business and if you use it you may be exposing yourself to liability.

With contractors and consultants, you have less security – they will usually own the IP they create unless you have a written agreement which states otherwise.

If your business is creating valuable IP, you should ensure there are well-drafted provisions dealing with IP rights in all your contracts. In addition you will need to look at registering or applying for trademarks, patents, design rights or other protection.

Protecting confidential information and know- how

Your business will have information that you would not want a competitor to know e.g. customer details, financial data or strategic plans. A business is protected from misuse of confidential information and know-how by staff through what is known as the implied duty of confidentiality on employees (but note that this duty may not apply in the same way to workers or self-employed individuals).

Practical tips to protect important information are as follows:  label it clearly as "Confidential" so that there is no doubt

 include specific obligations in your employment documents that expressly set out the individual's obligations of confidentiality during and after their employment

 implement access controls e.g. does everyone in the business need to have access to your main customer list?

 implement security measures so that you can track who is accessing information.

Protection from competitive activity

You can put clauses in employment contracts that prohibit competitive activity by employees e.g.:  working for a competing business  dealing with your clients  soliciting your clients or customers  soliciting your employees.

These sorts of clauses need to be professionally drafted and tailored to the particular situation.

Wedlake Bell’s Key Knowledge Guide to Employment Law for New Businesses 8

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12