Data protection: Manage the practical and legal challenges of workplace coronavirus testing

With the Test and Trace service beset by problems, Chris Cook examines the data protection issues and other difficulties facing employers who wish to carry out their own tests for Covid-19 Health records are a special category of personal data, so if an employee does disclose their test result, the employer must take additional measures …
This post is only available to members.

Dawson-Damer & ors v Taylor Wessing LLP & ors [2019] WTLR 1111

Wills & Trusts Law Reports | Winter 2019 #177

The claimants are beneficiaries of a number of Bahamian trusts; Taylor Wessing LLP (TW) act as the solicitors for the trustees of a number of these trusts.

On 14 August 2014, the claimant served a subject access request (SAR) on TW, requesting disclosure of the personal data relating to them held by TW as the solicitors for the trustees They were unsatisfied by the disclosure provided to them by TW, and brought proceedings under s7(9) of the Data Protection Act 1998 (DPA 1998).

The matter came before the Court of Appeal ([2017] 1 WLR 3255), which ...

Data protection: Top tricky GDPR issues to tackle

Kirsti Laird and Connie Holden give advice on some of the most difficult issues that employers have been facing since the GDPR came into effect last May ‘The clear direction from both the legislature and the courts is that, rather than being incidental, personal data protection is a core element of the operation of any …
This post is only available to members.

Data protection: Leak liability

Miriam Everett, Julian Copeman, Christine Young, Andrew Moir, Greig Anderson and Lucy McAlister consider a recent Court of Appeal judgment ‘An organisation can be liable for data breaches even if it has taken appropriate measures to comply with the data protection legislation.’ In WM Morrison Supermarkets plc v Various Claimants [2018], the Court of Appeal …
This post is only available to members.

Dawson-Damer & ors v Taylor Wessing LLP & anr [2018] WTLR 57

Wills & Trusts Law Reports | Spring 2018 #171

The appellants were beneficiaries of a number of Bahamian trusts; the respondent solicitors (‘TW’) act on behalf of the trustee of these trusts. On 4 August 2014, the appellants served a subject access request (‘SAR’) on TW, requesting disclosure of the personal data relating to the appellants held by TW as the solicitors for the trustee. The appellants were not satisfied by TW’s response to the SAR. They therefore applied to the court to exercise its discretion under s.7(9) of the Data Protection Act 1998 (‘DPA’), and grant a declaration that TW had not complied with t...

Data protection: How to deal with increased rights for data subjects

In the second of a three-part series on the GDPR, Michael Briggs and Antonia Blackwell consider employees‘ increased rights, the retention of personnel records and the content of privacy notices ‘The GDPR confirms that employees have the continued right to access their personal data so that they understand the extent, and can verify the lawfulness, …
This post is only available to members.

Data protection: How to establish a lawful basis for handling employee information

In the first of a three-part series on the GDPR, Antonia Blackwell and Adele Hayfield explain why employers can no longer rely on employees‘ consent to hold their information ‘Organisations will need to assess the legal basis for each processing activity that they carry out and notify the data subject of this.‘ Part 2: ‘How …
This post is only available to members.

Data Protection: No access

Faranak Ghajavand continues her litigator’s guide to subject access requests ‘The Data Protection Act recognises that there are circumstances where data controllers have legitimate reasons for not complying with a subject access request and provides a number of exemptions from the obligation to do so.’ Part 1: ‘Change the subject’, CLJ73 In this second instalment, …
This post is only available to members.

Data Protection: Change the subject

In the first of a two-part article, Faranak Ghajavand provides a litigator’s guide to the benefits of subject access requests ‘Making a valid subject access request (SAR) is straightforward and inexpensive. There is no prescribed format provided it is in writing – indeed the Code of Practice specifies that data controllers may not insist on …
This post is only available to members.

Data Protection: The rules are changing

Stricter regulations on handling personal data are set to come into force next year. Stephanie Prior reports ‘The purpose of these new rules is to tighten up on processes and procedures and make it easier for people to bring claims against companies who do not follow the new GDPR rules. The rules promote accountability and …
This post is only available to members.