For the last year or so the EU Commission has been working on the world’s first serious attempt to create a regulatory framework around the use of AI, the Artificial Intelligence Act. The Proposal itself runs to over 100 pages of dense type and no pictures, so is a fairly off-putting read at first look. … Continue Reading
To conclude our series dealing with questions raised at our Handling Grievances webinar in April, here are our thoughts on three last queries around how events at grievance and investigation meetings are recorded. If the individual states they want to record the meeting, are we able to say no?… Continue Reading
Back in March we posted here an explanation of why the “manifestly unfounded” exception to an employer’s DSAR obligations was perhaps less helpful than the ICO’s then guidance suggested. Now there is some new ICO guidance out this week which probably does move the needle slightly more usefully in favour of the employer.… Continue Reading
Here are brief answers to two more of the questions raised at this week’s webinar on Effective Settlement Agreements. Can we make it a term of a Settlement Agreement that an employee will not make a DSAR after he leaves? Yes and no. Yes, in that he can sign up to such a term. No, … Continue Reading
We had several hundred sign-ups to our webinar on effective settlement agreements this week, so unfortunately did not get to deal with all the questions fed in through the chat box thingy on the screen. As promised, here are some of the answers – more to follow shortly.… Continue Reading
Just flicking idly through the ICO’s new guidance the other evening, as you do when the only alternative is Ant & Dec, and two paragraphs caught my eye. In the section relating to DSARs which are “manifestly unfounded” (and can therefore be batted away by the employer) appear two examples, where:… Continue Reading
Unheralded and unannounced, recently revised GDPR guidance from the ICO removed one small source of comfort for employers facing DSARs from employees. It used to say that the 30-day time limit was paused, the clock stopped, if you asked the requester for information to clarify his DSAR and it was not provided. This was not … Continue Reading
In part 1 of this blog series, we asked how employers facing a Data Subject Access Request (DSAR) should be dealing with ‘mixed data’ cases, i.e. when a third party’s personal data is intertwined with that of the requester? Mixed data comes in many forms; for example, an email from John to a colleague saying … Continue Reading
Some DSARs can be wonderfully straightforward: “Can I have a copy of my personnel file?” “Absolutely, here you go” “Can I have a copy of the notes from my appeal hearing?” “Of course, all yours. Any time” However, a large number of DSARs submitted by employees are far more taxing: “Can I have all personal … Continue Reading
In the second of our five part blog series on Data Subject Access Requests (DSARs), we examine the notion of “complexity” and how that might affect the way you respond as an employer to a DSAR. What is “complex”? Under the General Data Protection Regulation (GDPR), data controllers must respond to DSARs “without undue delay … Continue Reading
Just when we thought we were getting to grips with some of the stickier issues around Data Subject Access Requests (DSARs), then along comes the EU General Data Protection Regulation (GDPR) and numerous new ambiguities over how its DSAR provisions might work in practice. We are waiting for the ICO’s guidance and update on its … Continue Reading
Every employer will recognise the sinking feeling which accompanies receipt of a data subject access request from a current or former employee. Not only is it a fair indicator that he is considering doing something unpleasant to you, but you face also the prospect of wading through your entire server, waist-deep in irrelevancies, to find … Continue Reading
