• Contact Us

GDPR - References Now Exempt from Disclosure

on Friday, 06 July 2018.

Under the General Data Protection Regulation (GDPR) individuals are entitled to a copy of the personal data which your organisation holds about them and to certain supplementary information.

If you have ever been responsible for responding to a subject access request (SAR), you will be aware how complicated they can be to handle.

Responding to SARs is often a time consuming and resource intensive task, in part because of the need to consider whether any exemptions from disclosure apply.

The Data Protection Act 2018 (which supports the implementation of the GDPR) provides exemptions from disclosure under a SAR. Many of the exemptions under this new law closely mirror the previous exemptions under the Data Protection Act 1998. However, there are a few key changes. One such change relates to the disclosure of references.

What's Changing?

Under the Data Protection Act 1998, references given by an organisation were exempt from disclosure on receipt of a SAR.

The exemption only applied to references given by the organisation. This meant that the exemption could only be used by the provider of the reference, and not a recipient.

The Data Protection Act 2018 has removed this distinction so that any reference provided in confidence is exempt from disclosure under a SAR. This means that if an organisation receives a subject access request, confidential employment references about the individual making the request, whether created by that organisation or received from a third party, will be exempt from disclosure.

DP staff know how to avoid a data breach

Best Practice for Employers

Employment references should be marked as 'Strictly confidential - employment reference' to ensure that the exemption can be applied by sender and recipient.

Care must always be taken when providing references about employees to prospective employers or recruitment agencies. When giving references, you should always remember that:

  • There is no legal obligation to provide a reference but any reference provided must be true and accurate.

  • The content of a reference may need to be disclosed as part of any litigation involving the employee, regardless of whether the information contained in it might be exempt from a SAR.

  • Once given, a reference is outside of your control. There is no certainty therefore that an employer who receives a reference might not share it with the employee in question, perhaps because it is unaware that it might be exempt, or that it intends to disclose the document in order to defend its own position.

For specialist legal advice about references, please contact Mark Stevens in our Employment Law team on 0117 314 5401, or complete the below form.

Get in Touch

First name(*)
Please enter your first name.

Last name(*)
Invalid Input

Email address(*)
Please enter a valid email address

Please insert your telephone number.

How would you like us to contact you?

Invalid Input

How can we help you?(*)
Please limit text to alphanumeric and the following special characters: £.%,'"?!£$%^&*()_-=+:;@#`

See our privacy page to find out how we use and protect your data.

Invalid Input