• Find us on:

Privacy at Work


Most private and public organisations keep files on the people they deal with, whether as employees, customers, clients or contractors. Decisions are made about people based on the contents of these files, and often by people who don’t know you from Adam. If the information held about you is incomplete, inaccurate, and unfair or used in a way that is detrimental to you your rights may be infringed. The Data Protection Act 2018 and other pieces of legislation protect your private information and allow it to be used or “processed” in specified circumstances. You also have the right to see files containing your information in order to challenge and correct inaccuracies.

The Law

The main legislation covering data protection is the Data Protection Act  2018 (DPA). The other laws about data protection include;

The Information Commissioner’s Office

The Information Commissioner’s Office is an independent supervisory authority which ensures that organisations which process data do so in compliance with the Data Protection Act 2018, Freedom of Information Act 2000, (FOI Act) the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) and the Environmental Information Regulations 2004 (SI 2004/3391). Among other responsibilities the Information Commissioner’s office;

  • publishes extensive guidance and develops codes of practice designed to assist individuals and organisations comply with the legislation
  • maintains a public register of Data Controllers under the DPA and the list of public authorities with approved publication schemes under the FOI Act
  • prosecutes persons in respect of offences committed under the legislation.

The Information Commissioner’s website has very comprehensive information and guidance on good practice. The Office publishes codes of practice, good practice notes, technical guidance notes and other guidance.

The codes and guidance are not legally enforceable but the Commissioner will take note of a breach or disregard of the eight data principles in any enforcement action.

The Employment Practices Code is the main code of practice covering employment. It is in four parts which are available on the website and as a pdf in a single document. The code is supplemented by the Employment Practices Code: Supplementary Guidance in addressing the rights of workers and employees. It is in four parts, covering;

  • Recruitment and selection
  • Employment records
  • Monitoring at work
  • Information about workers health

Updated: 14/03/2020


The information and content on this website is provided for general information purposes only and is not intended to constitute legal or other professional advice. Legal information or content on this website relates only to the laws of England and Wales. You should not take any actions based on information found on this website without first seeking appropriate legal advice with respect to your specific matter. No representations or warranties are made about the suitability, currentness, comprehensiveness and/or accuracy of the information and other content contained on this website. It should be noted that legal information and content can rapidly become out of date and we give no undertaking to keep this website up to date. All liability for any loss or damage of any kind which may be suffered as a result of accessing and using the information and/or content of this website is hereby excluded to the full extent permitted by law.