Bringing Cybersecurity and Data Protection Experts to the UK & Data protection concerns for Business Immigration

Together we are Forbes


29 February, 2024

Mohammad Chaudhry

Given the current digital landscape, the demand for skilled professionals in cyber security and data protection has sky rocketed. Securing the right talent is crucial for safeguarding sensitive information and maintaining the integrity of digital assets. The skilled worker route provides an avenue for companies to attract top tier cyber security and data protection experts from around the globe.

Skilled Worker Visa:

To sponsor a skilled worker, a business must obtain a Sponsor licence, enabling them to assign a certificate of sponsorship (COS). The COS is then used by the Skilled worker when applying to the Home Office for their visa. The certificate of sponsorship must be issued by the employer no more than three months before the date of their application. The employer is required to pay an immigration skills charge and COS fee. Employing an overseas worker without the necessary licence results in a breach of immigration rules and right to work legislation, and you may be fined and prosecuted.

Employers must ensure that the role for which they are recruiting is sufficiently skilled (at or above RQF Level 3). This means checking that the job corresponds with one of the eligible "standard occupation codes (SOC)". The salary which is being offered must at least be at the minimum level of £26,200 per anum unless it is in a shortage occupations list.

Businesses looking to hire overseas workers must navigate a complex landscape of data protection and cyber security challenges. From conducting right to work checks, to collaborating with immigrations advisors, employers must process, retain, and send sensitive information whilst also ensuring compliance with data protection polices and regulations.

Right to work checks:

One crucial step in hiring overseas workers is the right to work check, a process that involves verifying an individual's eligibility to work in the UK. Employers must have to copy and keep the sensitive information, for the duration of the workers employment and for two years after. The processing of sensitive information in this circumstance is not against the UK GDPR as it is necessary for compliance with a legal obligation (Article 6 UK GDPR).

Data required for Right to Work checks, such as passports, visas and birth certificates, are classed as "special category data". Special category data is personal data which the UK GDPR says is more sensitive, and as such requires more protection. This data, to comply with the UK GDPR, must be:

  • Processed lawfully, fairly and in a transparent manner in relation to individuals.

  • Relevant and limited to what is necessary in relation to the purposes for which they are processed.

  • Kept for no longer than is necessary for the purposes for which the personal data is being processed.

Data storage methods

  • Your company should implement appropriate security measures, including encryption, password protection, access control and regular security audits.

  • Minimise the amount of data retained to the essentials required for compliance - redacting irrelevant information and avoiding storing the data longer than necessary.

  • Manual paper-based storage systems, i.e., filing cabinets, with minimal restrictions are at risk. Ensure they are locked up, with only those necessary having access to it.

  • It is also important to have a plan on how you will respond to data leaks.

Data deletion

Organisations have a legal obligation to store right to work checks for two years once an employee has left the business. Consideration must be given as to how this data is controlled and audited. Data/paperwork must be confidentially exposed of at the end of the required period.

Privacy Notice:

If you are employing an overseas worker, it may be necessary to provide a comprehensive privacy notice detailing how and why their data is processed, the duration of retention, and any third-party collaborations, such as immigration advisors.


Ensuring compliance with data protection policies and regulations, implementing robust data storage methods, and establishing clear protocols for data deletion are crucial steps in safeguarding the privacy of individuals involved in the hiring process. As businesses venture into the global talent market, prioritising these measures not only facilitates legal compliance, but also builds trust and credibility in an environment where data protection is paramount.

For more information contact Mohammad Chaudhry in our Manufacturing & Engineering department via email or phone on 01772220225. Alternatively send any question through to Forbes Solicitors via our online Contact Form.

Learn more about our Manufacturing & Engineering department here

Cybersecurity and Preserving Data in the Manufacturing Sector…

Cybersecurity in the Manufacturing Sector

Contact Us

Get in touch to see how our experts could help you.

Call0800 689 3206

CallRequest a call back

EmailSend us an email

Contacting Us

Monday to Friday:
09:00 to 17:00

Saturday and Sunday: