GDPR for Employers

As an employer, if you store or process your employees’ personal data then you need to make sure you are meeting your responsibilities under the new General Data Protection Regulation (GDPR). This can affect your organisation’s contracts, policies and systems, and you may need to appoint a Data Protection Officer. If you fail to comply, your organisation could be liable for penalties of up to 4% of turnover or €20 million.

Specialist advice can help you understand the full extent of your GDPR responsibilities and how best to implement the necessary changes and ensure ongoing compliance in your organisation.

How Thorntons can help

Our Data Protection and Information Security team along with our expert Employment team can help employers and HR teams with comprehensive advice and support on all aspects of GDPR compliance, including a tailored GDPR Employment package, training for staff, data audit and gap analysis services to identify the key GDPR issues for your organisation, and Data Protection Officer services.

Our GDPR Employment package

Our fixed price GDPR Employment package is tailored to your organisation’s specific needs to help you meet GDPR requirements and ensure ongoing compliance. The package includes:

  • Reviewing the relevant clause in your employment contracts and providing updated wording as needed
  • Reviewing and updating your existing employee privacy policy (i.e. a data protection policy) or providing you with a template employee privacy policy if necessary
  • Providing a staff privacy statement and applicant privacy statement, both tailored to your organisation’s requirements
  • Providing guidance on retention periods
  • Providing a guide to handling employee data


As part of the tailoring process we will send you an audit document to complete in relation to employment and HR matters only. We will then base our advice on the response received. For more supported data audit and gap analysis services, see the "Audit and gap analysis services" section below.

For clients currently subscribed to our HR package, our GDPR package costs £1,000 plus VAT.

For clients not subscribed to our HR package, our GDPR package costs £1,500 plus VAT.


GDPR training

Awareness of GDPR among staff is often regarded as one of the best ways to manage the risk associated with processing personal data. We offer several staff training packages and can provide your organisation with a one-hour overview of GDPR and what it means for your organisation for £400 plus VAT.

We can also provide bespoke training covering such issues as GDPR and Marketing, GDPR and the HR Team, and GDPR and the IT Team.


Audit and gap analysis services

Data mapping your processing activities is essential to fully understand what you need to do to implement GDPR. We have designed our own GDPR Audit Toolkit that can be used to create your Treatment Plan, which prioritises the actions you have to take as an organisation. The toolkit includes an audit questionnaire, template Treatment Plan and Excel spreadsheet to record processing activities. You can use the toolkit in two different ways:

  • Complete the documentation yourself using the toolkit. This costs £750 plus VAT, which includes an hour’s consultation with a member of our team to discuss any queries you may have.
  • Our GDPR experts undertake the audit on your behalf using the toolkit. This involves a half-day visit to your office so we can meet your staff or board members and obtain a comprehensive overview of your processing activity. This costs £750 plus VAT in addition to the above package cost.


If you are looking for a more bespoke audit, please contact us to discuss your requirements with our Data Protection and Information Security team.


Data Protection Officer services

We can help you fulfil your Data Protection Officer (DPO) requirements in a way that suits you, ranging from our DPO Assist Package, which includes a basic and enhanced offering, to our comprehensive DPO Outsourced Package. Contact us for a price for this service based on your organisation’s needs.

Please call us on 01382 229111 for practical employer advice and support on GDPR compliance, or complete our online enquiry form and an expert in our Data Protection and Information Security team or Employment team will call you back.
