With the Test and Trace service beset by problems, Chris Cook examines the data protection issues and other difficulties facing employers who wish to carry out their own tests for Covid-19 Health records are a special category of personal data, so if an employee does disclose their test result, the employer must take additional measures …
Continue reading "Data protection: Manage the practical and legal challenges of workplace coronavirus testing"
This post is only available to members.
Wills & Trusts Law Reports | Winter 2019 #177The claimants are beneficiaries of a number of Bahamian trusts; Taylor Wessing LLP (TW) act as the solicitors for the trustees of a number of these trusts.
On 14 August 2014, the claimant served a subject access request (SAR) on TW, requesting disclosure of the personal data relating to them held by TW as the solicitors for the trustees They were unsatisfied by the disclosure provided to them by TW, and brought proceedings under s7(9) of the Data Protection Act 1998 (DPA 1998).
The matter came before the Court of Appeal ([2017] 1 WLR 3255), which ...
Kirsti Laird and Connie Holden give advice on some of the most difficult issues that employers have been facing since the GDPR came into effect last May ‘The clear direction from both the legislature and the courts is that, rather than being incidental, personal data protection is a core element of the operation of any …
Continue reading "Data protection: Top tricky GDPR issues to tackle"
This post is only available to members.
Miriam Everett, Julian Copeman, Christine Young, Andrew Moir, Greig Anderson and Lucy McAlister consider a recent Court of Appeal judgment ‘An organisation can be liable for data breaches even if it has taken appropriate measures to comply with the data protection legislation.’ In WM Morrison Supermarkets plc v Various Claimants [2018], the Court of Appeal …
Continue reading "Data protection: Leak liability"
This post is only available to members.
Wills & Trusts Law Reports | Spring 2018 #171The appellants were beneficiaries of a number of Bahamian trusts; the respondent solicitors (‘TW’) act on behalf of the trustee of these trusts. On 4 August 2014, the appellants served a subject access request (‘SAR’) on TW, requesting disclosure of the personal data relating to the appellants held by TW as the solicitors for the trustee. The appellants were not satisfied by TW’s response to the SAR. They therefore applied to the court to exercise its discretion under s.7(9) of the Data Protection Act 1998 (‘DPA’), and grant a declaration that TW had not complied with t...
In the second of a three-part series on the GDPR, Michael Briggs and Antonia Blackwell consider employees‘ increased rights, the retention of personnel records and the content of privacy notices ‘The GDPR confirms that employees have the continued right to access their personal data so that they understand the extent, and can verify the lawfulness, …
Continue reading "Data protection: How to deal with increased rights for data subjects"
This post is only available to members.
In the first of a three-part series on the GDPR, Antonia Blackwell and Adele Hayfield explain why employers can no longer rely on employees‘ consent to hold their information ‘Organisations will need to assess the legal basis for each processing activity that they carry out and notify the data subject of this.‘ Part 2: ‘How …
Continue reading "Data protection: How to establish a lawful basis for handling employee information"
This post is only available to members.
Faranak Ghajavand continues her litigator’s guide to subject access requests ‘The Data Protection Act recognises that there are circumstances where data controllers have legitimate reasons for not complying with a subject access request and provides a number of exemptions from the obligation to do so.’ Part 1: ‘Change the subject’, CLJ73 In this second instalment, …
Continue reading "Data Protection: No access"
This post is only available to members.
In the first of a two-part article, Faranak Ghajavand provides a litigator’s guide to the benefits of subject access requests ‘Making a valid subject access request (SAR) is straightforward and inexpensive. There is no prescribed format provided it is in writing – indeed the Code of Practice specifies that data controllers may not insist on …
Continue reading "Data Protection: Change the subject"
This post is only available to members.
Stricter regulations on handling personal data are set to come into force next year. Stephanie Prior reports ‘The purpose of these new rules is to tighten up on processes and procedures and make it easier for people to bring claims against companies who do not follow the new GDPR rules. The rules promote accountability and …
Continue reading "Data Protection: The rules are changing"
This post is only available to members.