Essential points 

  • Data protection is about safeguarding important information and making sure it is used properly and legally.  
  • Employers can keep a range of personal information about their employees without seeking their permission including their name, address, date of birth, sex, National Insurance number, emergency contact details, any disciplinary action taken against them. 

  • Organisations need their employees’ consent to keep sensitive information on them such as their race or ethnicity, religion, trade union membership, health and medical conditions, sexual orientation. 

  • Employers must keep employees’ personal data secure and up to date and have extra security in place to protect their sensitive personal data. 

  • Employees have the right to be told what records are being kept on them, how they are used, and how their confidentiality is preserved.

CIPD member content

This content is only available for CIPD members


Please note: While every care has been taken in compiling this content, CIPD cannot be held responsible for any errors or omissions. These notes are not intended to be a substitute for specific legal advice. 

law advice

Want more employment law advice? Members can phone the CIPD legal helpline or take out a discounted subscription to HR-inform for additional resources.

Callout Image

Related content on data protection

Data protection and GDPR in the workplace

Introduces data protection law in the UK, covering the obligations of employers and individual rights to accessing information.

People manager guide: Managing data protection requirements

This guide provides managers with an overview and principles to apply when handling GDPR and data protection requirements to ensure they play their part in complying with regulations governing its safe handling.

For Members
Retention of HR records

Introduces the legal issues in the UK around effective retention and organisation of HR records

Data Protection and GDPR resources

Learn more about data protection and GDPR to ensure your organisation is compliant.

Employment law

Access more employment law resources

Employment law
UK employment law changes post-Brexit – the ‘retained EU law bill’ explained

The 'Retained EU law bill', or REUL, changes UK employment law.

For Members
Employment law
Annual leave: UK employment law

The CIPD's dedicated legal resource on holiday entitlement for all types of worker. This page includes guidance on applying the working time directive and how the UK court system sees legal claims against employers on annual leave matters.

For Members
Employment law
Working time: UK employment law

CIPD guidance on the legality of working hours in the UK. Workable hours and breaks are directed by the UK's Working Time Regulations, formally part of the EU Working Time Directive. Here we explore key legislation and how the courts see claims against employers.

For Members