Call us on: 0333 2400 308

June 5, 2016

Legal Issues – Data Issues

Former employee prosecuted for transferring client information unlawfully and upcoming Data Protection changes.

An employee who transferred client information held by his company to his personal email account before moving to his new job at a competitor company has been prosecuted by the Information Commissioner’s Office (ICO).

The ICO prosecuted the individual under section 55 of the Data Protection Act 1998, and he was fined for the breach. The email he sent to himself contained highly sensitive information including contract details, order history and payment details of the company’s clients.

This is not the first time the ICO has prosecuted an individual due to data protection breaches. Another former employee was fined for trying to obtain personal data without the consent of the data controller.

It’s important to remember that the ICO does have the power to prosecute for breaches of the Data Protection Act 1998, and such action could become more frequent in the future given the UK’s adoption of the new EU General Data Protection Regulation (GDPR). This will not only affect how companies deal with client data but also how they handle and process employee data. The GDPR is expected to take effect in the first half of 2018.

Many of the GDPR’s main concepts and principles are similar to those in the current Data Protection Act 1998. However, there are new elements and highly significant enhancements that employers need to be aware of, such as:

  1. Employers will have to give extensive information to their employees when obtaining personal data from them. This will include information on how employers intend to use the data, why the data is required and being processed, how long the information will be retained for and how to raise a complaint with the ICO if they are unhappy about how their data is being used.
  2. Obtaining consent to data processing within an employee’s employment contract is likely to be considered insufficient in terms of the GDPR. Consent given by an employee can be withdrawn at any time, given that employees will have the right to object where their consent is used as a legal basis for processing their data. Consent will have to be freely given, specific, unambiguous and informed.
  3. Data subject access requests will be made easier for employees and will not require payment of a fee, and employers will have a maximum of one month to respond.
  4. A self-reporting regime will be introduced whereby employers need to notify the ICO, within 72 hours, of data protection breaches which result in a risk to the rights of employees. If there is a high risk to the rights of the employee, then the employee must also be notified.
  5. Employees can insist on the deletion of their data in certain circumstances, or that the data is changed.
  6. Employers will need to be able to demonstrate that they are data protection compliant, including by way of records and policies.
  7. Penalties for breaches of data protection obligations are significantly increased – potentially up to 4% of your total turnover!

Now is the time to take stock of your data processing practices. If you have any data protection concerns, please contact Gareth McKnight.

Not Sure Where To Start?

Are you taking on your first member of staff or wondering if you’re compliant with GDPR, maybe you’re unsure if your HR processes are rigorous enough? Get in touch with Navigator today and see how we can help your organisation.

Newsletter Subscription

Sign Up to the Navigator Newsletter

Stay informed with the latest changes in employment law, health & safety, HR and data protection including noteworthy cases, upcoming events and other useful articles.

We only use your details to send you our monthly newsletter along with event invitations and other useful articles. You can unsubscribe any time.

Contact Us

Get in Touch

0333 2400 308

enquiries@navigatorlaw.co.uk

Floor 3
1-4 Atholl Crescent
Edinburgh
EH3 8HA
