News and Events

Monitoring Employees: New ICO Guidance

View profile for Chloe Pereira
  • Posted
  • Author

On 3 October 2023, the Information Commissioner's Office (ICO) unveiled its comprehensive guidance, "Employment practices and data protection – Monitoring workers." This release comes in response to the shifting landscape of remote work and evolving technology, prompting employers to implement various forms of employee monitoring.

The ICO emphasises the crucial balance between legal obligations and workers' rights in the workplace. Their guidance, designed to ensure full compliance with the UK GDPR and Data Protection Act 2018, offers not just compliance directives but also invaluable good practice advice and practical checklists.

The ICO's commissioned research sheds light on the prevalence and perceptions of monitoring. 19% of respondents felt they had been monitored, with 70% finding workplace monitoring intrusive. This discomfort underscores the need for organisations to approach monitoring with sensitivity and transparency.

Monitoring, as defined by the ICO, spans various activities from call tracking to webcam footage. For employers seeking to implement monitoring practices, the ICO outlines key steps:

  • Transparency: Workers must be fully informed about the nature, extent, and reasons for monitoring, ensuring clarity in communication.
  • Purposeful Approach: Employers should have a well-defined purpose for monitoring, using the least intrusive methods necessary to achieve objectives.
  • Legal Compliance: Employers must establish a lawful basis for processing workers' personal data, aligning with data protection regulations.
  • Clear Communication: Information about monitoring should be presented in an easily understandable manner to employees.
  • Relevance: Only data relevant to the monitoring purpose should be collected and stored, ensuring focused data usage.
  • Risk Assessment: Any monitoring activities posing a high risk to workers' rights should undergo a Data Protection Impact Assessment (DPIA), ensuring thorough evaluation.

This guidance builds upon the ICO's earlier directive on processing workers' health data, emphasising their commitment to aiding employers and staff in navigating the intricate web of data protection laws.