Our Operations Manager, Phil Bagnall blogs about an important aspect of GDPR for larger organisations:
“If you employ staff then there is an important rule within the General Data Protection Regulation that you should be aware of. It concerns giving and receiving employment references.
As a general rule, employees may ask to see their personnel record. After all, it is their data. And that could mean showing them a reference you have received from their previous employer, or a reference that you have written to a potential employer. Needless to say, this can get awkward at times. But not all GDPR clauses are set in stone. Countries are allowed to vary some of the rules. The UK has an exemption to revealing confidential references, but the exemption isn’t mandatory. So what does this mean in practice?
You may refuse to reveal the contents of a confidential reference unless your policy is to give access to references. Make sure you check your policy.
You may ignore the exemption altogether – it is not compulsory – and show your employee or candidate the reference.
There are a couple of things you need to be aware of however. When asking for or giving a reference you should state whether the employee or candidate is allowed to see it. And whatever you do, do not stray from the facts. A court could still demand to see the reference and if you have made any comments that are inappropriate, libellous or factually incorrect then you could have a big problem on your hands.”
We have produced a GDPR Toolkit, which is free to voluntary and community sector organisations – contact us for more details.