We have had a number of queries about GDPR and what help is available to Policyholders on our Legal Services website. The team behind the website has been busy working on changes and enhancements to ensure that the service we provide to customers is GDPR compliant. While some changes are already in place others will go live from the 22nd of May.
Changes to legal content – documents and law guide
Business Legal Services
Employment
• We’ve updated the employment contracts so they’re compliant with the GDPR and – when it comes into effect – the new Data Protection Act.
• All supporting recruitment documents have been reviewed to help employers fulfil their data protection obligations when receiving personal information from job applicants.
• The Employee handbook now features a detailed Data Protection policy, outlining a business’s data protection responsibilities and how their staff should help ensure they’re met.
• There is also a new Privacy notice for employers to give to existing and prospective staff, ensuring they’re given the requisite information about what personal data of theirs the employer holds.
Updated documents: Consultancy agreement, Criminal convictions declaration form for job applicants, Employee handbook, Employment agreement, Employment statement, Executive director’s service agreement, Fixed-term employment agreement, General purpose reference request letter, General purpose rejection letter, Interview checklist, Job application form, Job description, Job offer letter, Licence for an employee to occupy residential accommodation, Licence to occupy business premises, New employee induction checklist, Service occupancy agreement (Scotland), Zero-hours agreement
E-commerce
The Privacy and cookie policy for a website has been overhauled, giving users the opportunity to fully outline what categories of information they capture via their website, what they do with it and their reasons behind it. To be more in keeping with the GDPR terminology, we’ve renamed the document Privacy and cookie notice for a website. However, its purpose remains the same.
The related website terms and conditions documents have also been updated with the GDPR in mind.
Landlords Legal Services
Both commercial and private residential landlords fall under the scope of the GDPR. They will need to give their tenants information about the personal data they hold and what they’ll do with it. A new privacy notice for landlords has been created to fulfil this purpose, and we’ve added guidance to the documents listed below to help landlords understand their obligations.
Updated documents: Agreement for a landlord to share a house/flat, Agreement to let a room to a lodger on a serviced basis, Assured shorthold tenancy agreement, Letter from landlord confirming status of tenant, Medium term lease of commercial premises with rent review, Private residential tenancy agreement (Scotland), Residential tenancy agreement (Northern Ireland), Short term lease of commercial premises with no rent review
Law guides
GDPR-related information is being added to the following law guides:
Ecommerce, Employment, Landlords, Property, Purchase & Sales, Workplace
----
Changes to websites and operational procedures
Consent for use of data
The data we process in order to fulfil our service is almost all provided to us under the GDPR lawful basis of ‘Contract’, meaning that the data that customers provide is necessary in order for us to fulfil our obligations to them. However, when customers register to use a website for the first time, we ask them to provide specific ‘consent’ to use their data for some purposes. For Business customers This is to receive a business bulletin. As we cannot presume any previously supplied consent is still valid this must be reset and collected again.
We have amended our registration form to capture consent in a more granular way, as required under the GDPR, and to tell customers how they can update their preferences. We have also updated the summary privacy notice included on the registration form:
Going forward, all existing consent responses will be reset to ‘No’ in our databases, and customers will be prompted to opt in again when they next visit the site.
Timestamps for consent collection
As required by the GDPR, at all points where consent is collected electronically, this will be timestamped and versioned, so that there is an exact record of what a client consented to and when this took place.
Data Protection Policies
All data protection/privacy policies that our website supplier maintains or controls will be updated to better explain who the data controller is and to adopt a friendlier format, with a hyperlinked list of sections at the start of the document. Links to the Data Protection Policy will also be displayed more prominently on the website as part of the registration process.
Terms of use
All website terms of use will be updated to show GDPR data, including reference to the Data Protection policy.
We hope Policyholders find all of these changes helpful and that they feel supported in meeting the new GDPR obligations.
(Details of GDPR updates described in this Blog have been supplied by the team behind our legal services website).