Editor's message: The Data Protection Act 1998, which implements the Data Protection Directive, regulates the handling of personal data. Employers must comply with the Data Protection Act 1998 in relation to the collection, use and storage of personal information, which includes information about job applicants (such as application forms and CVs) and employees that is held on a computer.
There are data protection issues around employees using their own devices for work purposes, both in relation to the storage of personal data of other employees in the organisation and the extent to which employers can monitor employees’ use of these devices.
The EU General Data Protection Regulation, which replaces the Data Protection Directive, is due to come into force on 25 May 2018, before the UK is expected to leave the EU. The Government has confirmed that the UK will implement the Regulation. The aim of the Regulation is to establish a modern and harmonised data protection framework across the EU. One notable aspect of the Regulation is the level of fines that may be imposed for a breach. The maximum fine on an organisation is the higher of €20 million or 4% of its worldwide annual turnover.
Felicity Alexander, employment law editor
An investment bank employee has been investigated by the Financial Conduct Authority after sharing confidential client information over WhatsApp. While a reasonable level of employee social media use at work may be acceptable, it is still important to have clear social media policies.
The vast majority of HR professionals do not have a good understanding of the upcoming General Data Protection Regulation (GDPR) requirements for employers.
Listen to experts Ross McKean and Katherine Gibson explain the requirements under the General Data Protection Regulation.
Practical guidance on starting to prepare for the General Data Protection Regulation (GDPR), including understanding the main changes that will impact on HR; obtaining organisational buy-in for GDPR compliance; assembling a GDPR compliance team; and conducting a risk assessment of employee data processing practices.
Although the General Data Protection Regulation does not come into force until May 2018, employers need to be preparing now. Experts Ross McKean and Katherine Gibson give practical advice for employers developing a compliance plan.
The EU General Data Protection Regulation (GDPR), which replaces the 1995 Data Protection Directive, is due to come into force in the UK on 25 May 2018. We round up our current and forthcoming resources on preparing for the GDPR.
Updated to provide information on Dawson-Damer and others v Taylor Wessing LLP, in which the Court of Appeal considered disproportionate effort and legal professional privilege in subject access requests.
A recent legal case involving messaging service WhatsApp raises issues about monitoring employee communications. Nick Le Riche, a partner at Bircham Dyson Bell, offers practical tips on balancing employees' privacy rights with employers' need to protect confidential data.
The Government seeks views on derogations under the General Data Protection Regulation.
Chris Cook is a partner and Keely Rushmore is a senior associate at SA Law. They round up the latest rulings.
HR and legal information and guidance relating to data protection.