Last month the Information Commissioner’s Office (ICO) published new guidance on lawful monitoring in the workplace. With the rise of remote working and developments in the technology available, the ICO recognises that many employers are looking to carry out checks on its staff.
Monitoring staff can include tracking calls, messages and keystrokes, taking screenshots, webcam footage or audio recordings, or using specialist monitoring software to track activity throughout a working day.
The ICO has revealed through its guidance that if employers are looking to monitor its staff in this wat, it must take steps including:
- making its staff aware of the nature, extent and reasons for monitoring;
- having a clearly defined purpose for the monitoring and using the least invasive means to achieve that purpose;
- having a lawful basis for processing staff data – such as consent or legal obligation;
- explaining to staff about any monitoring in a way that is easily understood;
- only keeping the information which is relevant to its purpose;
- carrying out a Data Protection Impact Assessment for any monitoring that is likely to result in a high risk to the rights of staff; and
- making the personal information collected through monitoring available to staff if they make a Subject Access Request.
The new ICO guidance can be found here: employment-practices-and-data-protection-monitoring-workers-1-0.pdf (ico.org.uk).
It is vital that employers have a clear and coherent Data Protection Policy and Privacy Notice which is provided to its employees at the commencement of their employment to ensure clarity and understanding of how their data will be processed and, if relevant, how they will be monitored (especially if they are fully remote or hybrid).
Should you require assistance with the preparation of the relevant policies and notices in connection with GDPR and Data Protection, please get in touch with our Employment Team.