Tag Archives: GDPR

Workplace monitoring – new guidance from the ICO

Workplace monitoring has become a matter of particular contention in recent years. In a world where remote and hybrid working practices have become the norm, many employers have concerns about what their employees are actually doing while ‘at work’ elsewhere. This has led to an increasing amount of discussion about monitoring employees who are working … Continue Reading

New post-Brexit DSAR guidance – still no bonfire (UK)

Back in March 2020 we reported here on some new guidance from the Information Commissioner’s Office concerning DSARs.  In particular, we looked at what it said about the employer’s rights not to comply with a DSAR to the extent that it was manifestly unfounded or manifestly excessive, and concluded that despite the superficially encouraging words … Continue Reading

When employee consent is the start of the problem, not the end – the GDPR shows some teeth

The Greek Data Protection Authority has imposed a 150,000 EUR fine on PriceWaterhouseCoopers Business Solutions SA for – get this – asking their employees’ consent to process their personal data. It may strike you as counterintuitive (and going against everything your mother ever told you) that asking consent could get you into trouble, but where … Continue Reading

Employee Data Subject Access Requests in the UK: Part 4 – how to deal with mixed data

In part 1 of this blog series, we asked how employers facing a Data Subject Access Request (DSAR) should be dealing with ‘mixed data’ cases, i.e. when a third party’s personal data is intertwined with that of the requester? Mixed data comes in many forms; for example, an email from John to a colleague saying … Continue Reading

Employee Data Subject Access Requests: Part 3 – DSARs and proportionality – limiting the search (UK)

Some DSARs can be wonderfully straightforward: “Can I have a copy of my personnel file?” “Absolutely, here you go” “Can I have a copy of the notes from my appeal hearing?” “Of course, all yours. Any time” However, a large number of DSARs submitted by employees are far more taxing: “Can I have all personal … Continue Reading

Employee Data Subject Access Requests: Part 2 – It’s complicated – extending the DSAR deadline (UK)

In the second of our five part blog series on Data Subject Access Requests (DSARs), we examine the notion of “complexity” and how that might affect the way you respond as an employer to a DSAR. What is “complex”? Under the General Data Protection Regulation (GDPR), data controllers must respond to DSARs “without undue delay … Continue Reading

Employee Data Subject Access Requests: Part 1 – where are we now and what questions remain? (UK)

Just when we thought we were getting to grips with some of the stickier issues around Data Subject Access Requests (DSARs), then along comes the EU General Data Protection Regulation (GDPR) and numerous new ambiguities over how its DSAR provisions might work in practice.  We are waiting for the ICO’s guidance and update on its … Continue Reading

Practical Guide to the GDPR – Part 8

Part 7 of this series looked at how far an employer might be exposed if employees whose images were used in internal or external marketing or other corporate communications then withdraw their consent to that processing. Our Global IP and Technology team has now provided some useful further thoughts on this risk, accepting that the … Continue Reading

Employee Wellbeing Programmes (UK)

With a clear link between increased employee wellbeing (both in terms of physical and mental health) and reduced sickness absence, many employers may use renewed New Year ambitions to adopt or promote employee wellbeing programmes. Businesses have introduced measures including step challenges with free pedometers, fruit ‘desk drops’ and health monitoring stations in the workplace. … Continue Reading
LexBlog