Employee, contractors and workers privacy notice

What’s an employee privacy notice and when should you use it?

This is a privacy notice aimed at employees, contractors and workers and it is compliant with Ireland’s data protection laws (the General Data Protection Regulation – the ‘GDPR’) in force from 25 May 2018.

Not all parts of the notice will be applicable to all businesses.

This notice informs employees, contractors and workers about how you collect, handle, store and potentially also share, their personal data, as well as the rights that they have in relation to your activities, under Ireland’s data protection law.

You should have a separate shorter and more targeted privacy notice for job candidates.

This may include some of the same information as is included in this notice, but a lot of this employee notice will be irrelevant for candidates for jobs.

Your Employee, Contractor and Workers Privacy Notice should be separate to your external privacy notices (i.e. for customers, suppliers and anyone else you deal with).

If you want a privacy notice for your website, then you should use our Website Privacy Notice template.

If you need a general privacy notice then you can use our General Privacy Notice template for these purposes.

Before you draft your privacy notice, you should undertake a data mapping (or data audit) exercise in order to establish all the types of data which you hold, why you use them, the legal basis for using them and details of when that personal data is shared with other people or organisations.

What else might you need?

For more information on data mapping/auditing, take a look at our guide: data handling rules and what the GDPR means for small businesses (coming soon)

Our 14-point GDPR checklist is also very useful.

Employers are ‘data controllers’ of the personal data they hold about their employees, contractors and workers.

This privacy notice (or the information contained in it) should be given to each relevant employee, contractor or worker at the point where their personal data is being collected (and if you update it then it should also be made available to them then).

Often, this will be very early in the relationship process, such as when you offer them a job.

This is so that those individuals can understand how their personal data will be used, before giving it to you.

This privacy notice will also cover your existing employees (as they should be given a GDPR-compliant privacy notice too and know where to find it on a continuing basis).

You can provide job candidates with a separate shorter Candidate Privacy Notice to cover the time prior to a job offer.

It’s not essential to give a hard copy of your privacy notice to individuals, but you must make them aware of it and give them an easy way to access it (i.e. they can email you to be sent a copy, or they can access it from your website).

You should consider the way you collect the personal data from the individual and how you communicate with them in order to come up with a sensible way of providing them with a privacy notice.

For employees, it may be best to give them a hard copy of the notice (and even ask them to sign and return it) and to have it available on a business intranet or kept in a similarly central place where all employees can readily access it.