Subscribe

  • 01942 727 200
Twitter Linkedin
EML - Employment Management LTD Logo
  • Home
  • About EML
    • Meet the Team
    • Clients
    • Corporate Social Responsibility
  • Services
    • HR Consultancy Services
      • Disciplinary and Grievance Investigations
    • Employment Law
    • Employment Tribunal Representation and Insurance
    • Health & Safety Consultancy
    • Non-Core Services
      • Employee Assistance Programme
      • Employee Wellbeing Programmes
        • Wellbeing Retreat Days
      • HR Management Software Solution
      • Mediation Services
      • Employee Outplacement Services
      • Personality Profiling Analysis
  • Resources
    • Blogs & Articles
    • Factsheets & FAQ’S
    • Case Studies
  • Training
    • e-learning
    • Workplace Health & Safety Training
    • HR Essentials
    • Modern Day Slavery
    • Training Materials for Employee Representatives
    • World of Work Training Programme
  • Events
  • Testimonials
  • Contact Us
  • Home
  • About EML
    • Meet the Team
    • Clients
    • Corporate Social Responsibility
  • Services
    • HR Consultancy Services
      • Disciplinary and Grievance Investigations
    • Employment Law
    • Employment Tribunal Representation and Insurance
    • Health & Safety Consultancy
    • Non-Core Services
      • Employee Assistance Programme
      • Employee Wellbeing Programmes
        • Wellbeing Retreat Days
      • HR Management Software Solution
      • Mediation Services
      • Employee Outplacement Services
      • Personality Profiling Analysis
  • Resources
    • Blogs & Articles
    • Factsheets & FAQ’S
    • Case Studies
  • Training
    • e-learning
    • Workplace Health & Safety Training
    • HR Essentials
    • Modern Day Slavery
    • Training Materials for Employee Representatives
    • World of Work Training Programme
  • Events
  • Testimonials
  • Contact Us

TUPE, due diligence and the data protection challenge

How can you undertake thorough and effective due diligence in the context of a TUPE transfer without breaching data protection legislation?

This is a question we have been asked by clients a few times of late and so we thought it would be useful to get the answer out there for the wider benefit of employers in general.

In summary, the General Data Protection Regulation (GDPR), duly tailored by the Data Protection Act 2018, requires UK employers to comply with the following data protection principles when processing their employees’ personal information:

    • Data should be processed fairly, lawfully and in a transparent manner.
    • Data should be obtained for specified and lawful purposes and not further processed in a manner incompatible with those purposes.
    • Data should be adequate, relevant and not excessive.
    • Data should be accurate and kept up to date.
    • Data should not be kept for longer than necessary.
    • Data should be kept secure.

One of the biggest data protection headaches employers face in TUPE situations is in relation to the disclosure of Employee Liability Information (ELI).

Notwithstanding the need for the acquiring business to undertake due diligence in respect of the employment of the individuals they will be in receipt of upon the transfer taking effect, TUPE requires the transferor (e.g. the seller or current service provider) to provide the transferee (e.g. the buyer or new service provider) with certain ELI so it can determine the employment-related measures post-transfer. The transferor must then inform / consult with affected employees regarding those measures.

The ELI will invariably include personal data such as the age and birth dates of the employees concerned, as well as their terms and conditions of employment and information about any recent disciplinary and grievance issues. As provision of this information is a legal obligation, data protection legislation does not prevent the transferor relaying it without anonymisation. However, wherever practicable, transferor will often endeavour to anonymise as a means of erring on the side of caution on the basis that transferees frequently request information such as sickness absence and parental leave as part of a wider due diligence exercise. Therefore, it is often difficult to keep track of which information is protected as ELI and which is not.

In terms of what constitutes effective anonymisation for the purposes of the GDPR, it is simply to ensure that individual employees cannot be identified by the information that is disclosed. The simplest way to achieve this is to refer to each employee by number and to use those numbers consistently throughout the process.

If an employer decides not to anonymise the ELI it discloses, the affected employees should at least be issued with a privacy notice which confirms that their personal data is being provided to the transferee and why.

Regarding the consequences of and failing to follow the data protection principles outlined above, employers can be subject to significant fines for related data breaches under the GDPR and may also be subject to direct claims for compensation by individuals who have suffered damage as a result of any such breaches. Therefore, it is worth investing time and attention into how the ELI process is to be handled from the outset.

If you are an employer that is subject to a TUPE process at present, or could be in the near future, and have misgivings about the data protection implications of due diligence and the provision of ELI, please contact us for an initial discussion without charge or obligation.

  • Karen Moffett
  • August 30, 2019
Share this article:
PrevPreviousSocial media in the workplace: tips for employers
NextThe benefits of an active commuteNext

Subscribe to our employment law updates

Don't miss new updates on your email

Privacy Notice - Cookie Policy - Terms & Conditions

EML Limited ©2018. Website managed by Beech Web Services

Access Our Free Resources

Simply fill in the form below to gain access to our wonderful range of free business resources.