The Gibraltar Regulatory Authority (GRA) has published recommendations on the processing of personal data in employment. The guidelines are designed to help ensure data protection compliance as required by GDPR. They focus on several areas:
- employer obligations, including the legal basis for processing personal data and accountability requirements,
- the recruitment process and retention of recruitment records,
- employment record keeping, including file retention, grievances and dismissals, and HR outsourcing,
- video surveillance at the workplace,
- the use of private equipment in the performance of official duties,
- data protection impact assessment,
- remote working,
- individual rights of employees.