In a draft settlement agreement between an employer and an ex-employee, the employer has tried to include a clause by which the ex-employee waives their rights under the General Data Protection Regulation (GDPR).
The GDPR replaced the Data Protection Act 1998 as of 25 May 2018. In 2011 under the old regime, the ICO offered guidance to West Chester and Chester Council when it emerged that an employee had contracted out of his DPA 1998 rights as part of a settlement agreement. In their guidance they were unequivocal in saying that any such clause would be unenforceable, and may even breach human rights obligations.
What could be the employer’s motive for trying to exclude GDPR rights? If they want to keep the negotiations leading up to the settlement confidential, this could have been achieved by the “without prejudice” principle. Alternatively the ERA’s s111A offers protection against settlement negotiations being used in a later unfair dismissal claim, although not in claims for unfair dismissal for an “automatic” reason such as whistle blowing or discrimination.
Employers concerned that former employees may be able to raid their files to the business’s detriment may still rely on the exemptions that were available under DPA1998, which include confidential references, personal data which relates to management forecasting or planning, data covered by legal professional privilege, and records of the employer’s intentions in respect of settlement discussions.
The ICO’s guidance under the new DPA 2018 and GDPR is that nothing has changed, so no new exemption for individuals who have contracted out as part of their settlement agreement.