Just flicking idly through the ICO’s new guidance the other evening, as you do when the only alternative is Ant & Dec, and two paragraphs caught my eye. In the section relating to DSARs which are “manifestly unfounded” (and can therefore be batted away by the employer) appear two examples, where:… Continue Reading
In January 2018 we wrote about Ribalda –v- Spain, a European Court of Human Rights case in which a number of supermarket employees were awarded compensation for breach of their privacy rights. They had been stealing quite handsomely from their employer over some months, as they freely admitted, but nonetheless thought it entirely improper that … Continue Reading
In part 1 of this blog series, we asked how employers facing a Data Subject Access Request (DSAR) should be dealing with ‘mixed data’ cases, i.e. when a third party’s personal data is intertwined with that of the requester? Mixed data comes in many forms; for example, an email from John to a colleague saying … Continue Reading
Some DSARs can be wonderfully straightforward: “Can I have a copy of my personnel file?” “Absolutely, here you go” “Can I have a copy of the notes from my appeal hearing?” “Of course, all yours. Any time” However, a large number of DSARs submitted by employees are far more taxing: “Can I have all personal … Continue Reading
In the second of our five part blog series on Data Subject Access Requests (DSARs), we examine the notion of “complexity” and how that might affect the way you respond as an employer to a DSAR. What is “complex”? Under the General Data Protection Regulation (GDPR), data controllers must respond to DSARs “without undue delay … Continue Reading
Just when we thought we were getting to grips with some of the stickier issues around Data Subject Access Requests (DSARs), then along comes the EU General Data Protection Regulation (GDPR) and numerous new ambiguities over how its DSAR provisions might work in practice. We are waiting for the ICO’s guidance and update on its … Continue Reading
With apologies for the interruption to this series, here are two further reader questions on the GDPR as it will apply to employers in the UK. I have heard that my corporate email address is my personal data. Does that mean that a DSAR sent to my employer should bring me copies of everything in … Continue Reading
In response to our invitation to contact us with GDPR enquiries, one kind reader has bowled us this particular googlie: Most people in business will have accumulated large contact lists in Outlook email systems or similar, containing many names and other contact details built up over a number of years. Will the GDPR really require … Continue Reading
What would count as sharing data with a third party? For example, if we are booking employees on an external training course where we would only provide their name, would this amount to sharing data with a third party? The sharing of an employee’s name with an external training provider would certainly amount to the … Continue Reading
At our recent webinar on “GDPR Compliance: How UK Employers Can Meet the 25 May 2018 Deadline” we were asked a number of questions via the chat facility. Those questions showed that with less than a year to run and much to do before then, there is still widespread uncertainty as to the detail of … Continue Reading
Exactly one year from today, Brexit notwithstanding, the EU General Data Protection Regulation comes into effect. This is aimed primarily at commercial progressing of customer data but still has significant ramifications for HR’s handling of employee data. Compliance with the Data Protection Act as it stands will not be enough to protect against breaches of … Continue Reading
Polish Data Protection rules are quite restrictive when it comes to the information that employers may safely request from the candidate or the employee but now there is a new question for them to consider: are you male or female? This is not quite as silly as it sounds. As a rule you can tell … Continue Reading
I first became interested in employee privacy and monitoring many many years ago. A client received a complaint from an employee who had just discovered that his brief interlude having sex with a colleague in the stockroom had been caught on the camera placed there to cut down on theft. I forget the precise gist … Continue Reading
In April we posted a fairly shameless plug for our new labour and employment product, Global Edge. Shameless, but justified. If you have international HR responsibilities (in the traditional sense of “will be blamed if anything goes wrong in your overseas network“) then you should really take a look https://www.employmentlawworldview.com/spb-launches-ground-breaking-reference-tool-for-international-hr-and-legal-teams/. Global Edge will provide you … Continue Reading
The French Supreme Court recently ruled that an employer could not rely on the report of a private detective it had hired to spy on one of its employees to obtain an injunction against him because this was a breach of the employee’s privacy and that could not be justified, however legitimate were its concerns. … Continue Reading
Every so often, despite many years’ service in the Employment law trenches dealing with the less attractive end of human nature, a case comes along which still has the capacity to surprise. Sometimes it is in the outcome, but more usually in that anyone felt it worth bringing in the first place. Enter Sarah Baskerville, … Continue Reading