Do employers need to amend employees' contracts to comply with the GDPR?

No, it is not necessary for employers to amend the contracts of existing employees to comply with the General Data Protection Regulation (GDPR). However if your employment contract includes a data protection clause it will need to be revised for any new contracts created. 

For existing employees, employers should issue a new privacy notice to, providing information on the processing of their personal data, which would override any invalid data protection clauses in the contract. The GDPR specifies the information that the employer must provide in the employee privacy policy. The information includes the purposes for which the employer will process the employee's personal data, the legal bases for the processing, information about the retention period and information about the employee's rights as a data subject.

What has Bright Contracts done?

• Updated employment contract: whilst not necessary to update existing employees’ contracts, we have updated the Data Protection contract clause for all new contracts created in Bright Contract.
• Employee Privacy Policy: a new Employee Privacy Policy will be made available to all Bright Contracts customers. The new policy contains all the specific information required under GDPR.
• Data Protection Policy: the handbook Data Protection Policy has been updated and should also be communicated to employees.