Just flicking idly through the ICO’s new guidance the other evening, as you do when the only alternative is Ant & Dec, and two paragraphs caught my eye. In the section relating to DSARs which are “manifestly unfounded” (and can therefore be batted away by the employer) appear two examples, where:… Continue Reading
In part 1 of this blog series, we asked how employers facing a Data Subject Access Request (DSAR) should be dealing with ‘mixed data’ cases, i.e. when a third party’s personal data is intertwined with that of the requester? Mixed data comes in many forms; for example, an email from John to a colleague saying … Continue Reading
Some DSARs can be wonderfully straightforward: “Can I have a copy of my personnel file?” “Absolutely, here you go” “Can I have a copy of the notes from my appeal hearing?” “Of course, all yours. Any time” However, a large number of DSARs submitted by employees are far more taxing: “Can I have all personal … Continue Reading
In the second of our five part blog series on Data Subject Access Requests (DSARs), we examine the notion of “complexity” and how that might affect the way you respond as an employer to a DSAR. What is “complex”? Under the General Data Protection Regulation (GDPR), data controllers must respond to DSARs “without undue delay … Continue Reading
Just when we thought we were getting to grips with some of the stickier issues around Data Subject Access Requests (DSARs), then along comes the EU General Data Protection Regulation (GDPR) and numerous new ambiguities over how its DSAR provisions might work in practice. We are waiting for the ICO’s guidance and update on its … Continue Reading
Exactly one year from today, Brexit notwithstanding, the EU General Data Protection Regulation comes into effect. This is aimed primarily at commercial progressing of customer data but still has significant ramifications for HR’s handling of employee data. Compliance with the Data Protection Act as it stands will not be enough to protect against breaches of … Continue Reading
I first became interested in employee privacy and monitoring many many years ago. A client received a complaint from an employee who had just discovered that his brief interlude having sex with a colleague in the stockroom had been caught on the camera placed there to cut down on theft. I forget the precise gist … Continue Reading
Every employer will recognise the sinking feeling which accompanies receipt of a data subject access request from a current or former employee. Not only is it a fair indicator that he is considering doing something unpleasant to you, but you face also the prospect of wading through your entire server, waist-deep in irrelevancies, to find … Continue Reading