data protection

Data protection cases in the spotlight

Two recent cases involving data protection have recently been in the spotlight.  In WM Morrisons Supermarkets PLC v Various Claimants, the Court of Appeal dismissed Morrisons’ appeal against the High Court’s decision that Morrisons was vicariously liable for the deliberate disclosure by an employee of his co-workers’ personal data on the internet. Unless there is a successful appeal to the Supreme Court, Morrisons is now facing liability for damages in respect of over 5,000 individuals. …

Data protection cases in the spotlight Read More »

Less than one month to go until GDPR: Are you ready?

The countdown is on to the implementation of the GDPR on 25 May 2018. With less than one month to go, many employers will be finalising their preparation for the changes the new law will bring to data protection in the workplace. For those employers finalising their preparations, it may be time to check in to ensure that you remain on track and on target.  But for those organisations who are only just turning their …

Less than one month to go until GDPR: Are you ready? Read More »

Data Protection Bill: impact on employee data

On 14 September the UK Government published the draft Data Protection Bill, to replace the Data Protection Act 1998 (DPA) and supplement the forthcoming General Data Protection Regulation (GDPR) in certain key areas. Our earlier Blog Entry provided an overview of the Bill. In this article we highlight the specific impact of the Bill on how employers process workforce data.  Extra safeguards for special categories of data Special categories of personal data are data revealing …

Data Protection Bill: impact on employee data Read More »

Draft Data Protection Bill published

Yesterday the Government published the draft Data Protection Bill which will replace the Data Protection Act 1998, supplement the General Data Protection Regulation in certain areas and provide more detail on how the GDPR will be enforced in the UK . DLA Piper’s Privacy team has published a blog post on their Privacy Matters blog which explains the key provisions of the Bill. The Bill will have a significant impact on how employers deal with …

Draft Data Protection Bill published Read More »

Monitoring employees: Guidance on privacy in the workplace

The recent decision of the European Court of Human Rights in Barbulescu v Romania (see our Be Aware blog post of 7 September) has placed the spotlight once more on the extent to which employers are permitted to monitor their employees’ communications and activities. The adoption of new information technologies in the workplace allows for systematic and potentially invasive monitoring, enabling employers to track employees not just in the workplace but potentially in their homes …

Monitoring employees: Guidance on privacy in the workplace Read More »

Government publishes Statement of Intent on proposals for new data protection laws

On 7 August 2017, Government publishes its Statement of Intent (SoI) on ‘A new Data Protection Bill: Our planned reforms’. The SoI states that implementation of the GDPR and repeal of the Data Protection Act (DPA) will be done in a way that so far as possible preserves the concepts of the DPA to ensure that the transition for all is as smooth as possible while complying with the GDPR in full. The Government has …

Government publishes Statement of Intent on proposals for new data protection laws Read More »

How to prepare for GDPR: Implementing a compliance programme

In the latest in our series of briefings on preparing for GDPR, we focus on the steps necessary to implement a GDPR compliance programme. With only one year to go until GDPR comes into force on 25 May 2018, it is vital that organisations take action now to ensure that they are ready to comply with GDPR, in order to be in a position to meet regulatory standards, and minimise risk. The aim is to …

How to prepare for GDPR: Implementing a compliance programme Read More »

Practical impacts of GDPR on the employment relationship

In the next of our series of briefings on the General Data Protection Regulation (GDPR) we focus on some more of the practical impacts of GDPR on the employment relationship and what businesses can do to manage these and prepare for implementation by May 2018. Data subject access requests Under the GDPR, employees will have the right to much more detailed, transparent and accessible information about the processing of their data. Data subject access requests …

Practical impacts of GDPR on the employment relationship Read More »

Preparing for the GDPR: New employee data subject rights could disrupt core HR procedures

The General Data Protection Regulation (GDPR), due to come into force throughout the EU including the UK on 25 May 2018, will force through a culture change in terms of attitudes to data privacy, according to the Information Commissioner Elizabeth Denham. Speaking at the Data Protection Practitioners’ Conference 2017, Denham warned that organisations risking damaging their brands and their business if they are seen to be cavalier with personal data: “If an organisation can’t demonstrate …

Preparing for the GDPR: New employee data subject rights could disrupt core HR procedures Read More »

Privacy Shield adopted by European Commission and US Department of Commerce

Earlier this month, the European Commission (EC) voted to adopt the final version of the new EU/US data protection scheme, the Privacy Shield, which provides a mechanism for the valid transfer of personal data from the EU to the US.  The scheme was approved simultaneously by the US Department of Commerce (DoC).     The Privacy Shield is a replacement for the previous EU/US data transfer scheme,  the Safe Harbour Agreement,  which was declared invalid by the …

Privacy Shield adopted by European Commission and US Department of Commerce Read More »

Despite Brexit, businesses need to start preparing for the General Data Protection Regulation

The Information Commissioner’s Office (ICO) has published an Overview of the European General Data Protection Regulation (GDPR) for organisations. The changes anticipated by GDPR are wide-ranging and require a cross-organisational compliance framework that will take time to assess and implement effectively. Organisations which process data within the UK should start their planning now if they have not already done so. The result of the 23 June 2016 referendum on membership of the EU means that …

Despite Brexit, businesses need to start preparing for the General Data Protection Regulation Read More »