Under the GDPR the requirements for consent will be much stricter, particularly in the employment context, where it is generally accepted that the imbalance of power between the employer and employee is likely to invalidate any consent given by the employee.
According to new research carried out by the Department for Digital, Culture, Media & Sports, less than half of all UK businesses and charities are aware of the changes to UK data protection law under the EU's General Data Protection Regulation (GDPR) which will come into force on 25 May 2018.
The European Court of Human Rights has found that the covert surveillance of an employee at his or her workplace must be considered to be a considerable intrusion into his or her private life. It entails a recorded and reproducible documentation of a person's conduct at his or her workplace, which he or she, being obliged under the employment contract to perform the work in that place, cannot evade.
WM Morrisons Supermarkets plc have been found vicariously liable for a data protection breach after an employee bearing a grudge deliberately published personal details of 100,000 of its employees on the internet.
The EU's General Data Protection Regulations (GDPR) will apply in the UK from 25 May next year. With increasingly tighter requirements around how employers must maintain and process personal data, and with the number of fines issued for breaches of UK data protection laws on the increase, many employers are already looking to employ permanent staff dedicated to ensure compliance with the new rules.