1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

GDPR – are your interests legitimate?

Under the GDPR the requirements for consent will be much stricter, particularly in the employment context, where it is generally accepted that the imbalance of power between the employer and employee is likely to invalidate any consent given by the employee. In this context, employers may turn increasingly to "legitimate interests" as the lawful basis for processing their employees' personal data.
Read more »
GDPR – are your interests legitimate?

GDPR: subject access requests – what’s new?

Do not be complacent, GDPR is making some subtle but important changes to the well-known system for subject access requests under the Data Protection Act 1998 ……
Read more »
GDPR: subject access requests – what’s new?

GDPR deadline looms: Are your immigration data processes compliant?

The introduction of the General Data Protection Regulation (GDPR) presents a huge challenge for employers in many data processing scenarios. With the implementation date less only 10 weeks away employers should consider their immigration data processes which understandably deal with considerable personal date. This article, by UK Head of Immigration Jessica Pattinson highlights on a few common immigration scenarios that need to be dealt with from a GDPR perspective.

https://www.personneltoday.com/hr/gdpr-deadline-looms-immigration-data-processes-compliant/

GDPR deadline looms: Are your immigration data processes compliant?

Three months to go until GDPR comes into force: are you ready?

Has getting to grips with GDPR been lingering on your to-do list for the past year? With only three months to go until GDPR comes into force on 25 May, now is the time to push it to the top of your list.

Don’t panic if you have not yet started to prepare. Here are our top tips for getting your organisation ready:

  • Start with an audit of what data you hold and what you do with it. You can then consider what legal basis you have for processing the data. With the advent of GDPR, you should be moving away from the use of consent, which individuals are entitled to withdraw, to one of the other permitted bases for processing data. In the employment context, most data processing will be permitted as being required for performance of the employment contract or complying with a legal obligation. There is also a basis for processing where an organisation has “legitimate interests” to do so.
  • A new privacy notice will be needed to comply with GDPR. Consider having separate privacy notices for existing employees and for recruitment purposes. GDPR requires privacy notices to be concise, easily accessible and easy to understand. There is a significant list of mandatory information which needs to be included in a compliant notice.
  • If, like most employers, you have a data protection consent clause in your template employment contract, this should be removed from any new contracts being issued. You don’t need to issue fresh contracts to existing employees but you should let them know that you are no longer relying on consent and refer them to your new privacy notice.
  • Put in place a procedure for dealing with subject access requests – GDPR requires requests to be dealt with faster (within a month in all but exceptional cases) and without charging a £10 fee (except where a request is “manifestly unfounded or excessive”, in which case you can charge a “reasonable” fee). You should also have a procedure in place for dealing with any data breach and the new requirement to notify the Information Commissioner’s Office of such a breach.
  • Start training employees so that everyone is aware of their responsibilities.

Whilst GDPR brings with it the threats of significantly increased penalties for non-compliance, starting preparations now (if you have not already done so) will stand your organisation in good stead for the new regime. If you need support in tackling your preparations, please get in touch with a member of the team.

Three months to go until GDPR comes into force: are you ready?

Surveillance of employees in the workplace and the Article 8 right to privacy

Advances in technology have made monitoring employees easier than ever before. With the increased use of email, smartphones, laptops, trackers and SmartWare, almost every mode of communication has gone digital. As such, it is now possible to monitor your employees’ every movement and communication, to find out not just where they are but also how productive they are being.

However, many employees try to argue that this monitoring is an intrusion on their right to a private life (under Article 8 of the Human Rights Act) and is therefore unlawful.

This important issue has been the focus of two recent decisions by the European Court of Human Rights (ECHR). In each case, the judges considered the limits on what is and isn’t permissible when it comes to the surveillance of employees.

Read more here.

Surveillance of employees in the workplace and the Article 8 right to privacy

Less than half of businesses prepared for GDPR

According to new research carried out by the Department for Digital, Culture, Media & Sports, less than half of all UK businesses and charities are aware of the changes to UK data protection law under the EU's General Data Protection Regulation (GDPR) which will come into force on 25 May 2018.
Read more »
Less than half of businesses prepared for GDPR

Surveillance at work

The European Court of Human Rights has found that the covert surveillance of an employee at his or her workplace must be considered to be a considerable intrusion into his or her private life. It entails a recorded and reproducible documentation of a person's conduct at his or her workplace, which he or she, being obliged under the employment contract to perform the work in that place, cannot evade.
Read more »
Surveillance at work

Data protection breaches: vicarious liability for employee’s criminal actions

WM Morrisons Supermarkets plc have been found vicariously liable for a data protection breach after an employee bearing a grudge deliberately published personal details of 100,000 of its employees on the internet.
Read more »
Data protection breaches: vicarious liability for employee’s criminal actions

GDPR: time to start thinking about the new rules coming into force from 2018

The EU's General Data Protection Regulations (GDPR) will apply in the UK from 25 May next year. With increasingly tighter requirements around how employers must maintain and process personal data, and with the number of fines issued for breaches of UK data protection laws on the increase, many employers are already looking to employ permanent staff dedicated to ensure compliance with the new rules.
Read more »
GDPR: time to start thinking about the new rules coming into force from 2018

Insight: UK Employment Law Round-up – June 2016

In this issue we look into the implications of misusing data in the employment context. In particular, we utline recent ICO prosecutions of employees for unlawfully obtaining data. We also look at a decision involving interim relief and an order for the deletion of data.

UK Employment Law Round-up – June 2016In our case law review we also analyse the Advocate General’s view on a ban on wearing a headscarf at work and whether that is discriminatory under the European Directive.

For those concerned about issues involving working time, there is a helpful clarification about injury to feelings awards in the context of Working Time Regulations claims.

There are also some indications of future legislative changes in relation to the National Minimum Wage and increasing the representation of black and minority ethnic workers in the workplace.

Read the full newsletter here.

Insight: UK Employment Law Round-up – June 2016