By: Marga Caproni, Chelsea Gunning, Lisa Shannon, Annette Demmel, Marmare Barekati, Malgorzata Grzelak, Floriane Essling and Marion Cavalier Following on from our blog earlier in the week concerning the ECJ’s recent decision on data subject access requests (DSARs), we take a brief look at different European countries and the role that DSARs have come to … Continue Reading
In response to questions formulated by the German Amtsgericht of Arnsberg, the ECJ ruled that a first DSAR may be regarded as ‘excessive’, within the meaning of Article 12(5) GDPR, where the data controller demonstrates that, despite formal observance of the conditions governing DSARs, the request was made by the data subject:… Continue Reading
It has been annual review season here at Squire Patton Boggs. Looking back over my efforts this year in the usual endeavour to justify my own existence, I have spotted the same scenario cropping up with unusual frequency. An employee tells their employer that they have experienced something at work that they are not too … Continue Reading
Workplace monitoring has become a matter of particular contention in recent years. In a world where remote and hybrid working practices have become the norm, many employers have concerns about what their employees are actually doing while ‘at work’ elsewhere. This has led to an increasing amount of discussion about monitoring employees who are working … Continue Reading
When an employee leaves, it is often a first step for the business that his personal access to their professional mailbox is cancelled as soon as possible (often even during the exit meeting). But most often that mailbox will remain open for quite some time after the termination, as there is a genuine business concern … Continue Reading
In part 1 of this blog series, we asked how employers facing a Data Subject Access Request (DSAR) should be dealing with ‘mixed data’ cases, i.e. when a third party’s personal data is intertwined with that of the requester? Mixed data comes in many forms; for example, an email from John to a colleague saying … Continue Reading
Some DSARs can be wonderfully straightforward: “Can I have a copy of my personnel file?” “Absolutely, here you go” “Can I have a copy of the notes from my appeal hearing?” “Of course, all yours. Any time” However, a large number of DSARs submitted by employees are far more taxing: “Can I have all personal … Continue Reading
In the second of our five part blog series on Data Subject Access Requests (DSARs), we examine the notion of “complexity” and how that might affect the way you respond as an employer to a DSAR. What is “complex”? Under the General Data Protection Regulation (GDPR), data controllers must respond to DSARs “without undue delay … Continue Reading
Just when we thought we were getting to grips with some of the stickier issues around Data Subject Access Requests (DSARs), then along comes the EU General Data Protection Regulation (GDPR) and numerous new ambiguities over how its DSAR provisions might work in practice. We are waiting for the ICO’s guidance and update on its … Continue Reading
