Is an employer obliged to provide a reference for an employee and does an employer have to obtain employee consent before doing so under the GDPR or Data Protection Act 2018?
Firstly, there is no legal obligation for an employer to provide a reference. However, there may be a contractual obligation if provision of a reference is stated in terms of employment or a contractual staff handbook.
The GDPR and Data Protection Act 2018 (“DPA 2018”) require a lawful basis for processing personal data. This is particularly pertinent to references as they may also contain “special category” personal data, e.g. sickness absence details.
Consent is one of the lawful bases that can be relied upon for processing personal data. However, ICO guidance suggests that consent is not the most appropriate basis in the context of an employment relationship due to the imbalance of power.
Other lawful bases for processing under the GDPR are:
- processing necessary for an employer to comply with their legal obligations;
- processing necessary for an employer to perform their side of the employment contract; and
- processing which the employer has a legitimate interest in carrying out.
Provision of a reference is not necessary for compliance with legal obligations; it is unlikely to be necessary for performance of a contract (unless it is explicitly stated that a reference will be provided); and, as it is for the benefit of the employee, it is unlikely to be a legitimate interest. Therefore, consent is likely to be the most viable basis: because a reference will be for an employee's benefit, they are likely to have a genuine inclination to give their consent.
Many references will contain “special category” personal data, i.e. data containing information about an employee’s health. Therefore, under Article 9, if consent is being relied upon it must be “explicit”.
Employers should ensure that they keep a clear record of consent, including the precise type(s) of information that an employee permits to be included in his/her reference.
Another option for an employer is to place the onus onto an employee’s new employer to require them to obtain the necessary consent for particular details in a reference.
The DPA 2018 and GDPR also limit the scope for an employee who is unhappy with the contents of a reference to prevent such information being disclosed. Under the DPA 2018, an employee would have to rely upon his/her right to erasure or right to limit processing.
N.B. Schedule 2 to the Data Protection Act 2018 (which supplements the GDPR) allows employers to refuse to disclose a confidential employment reference to an employee or former employee if he or she requests access to it.
Perhaps to avoid confusion we should say that: