Tag archives: data protection

New EU rules for protection of whistleblowers

On 7 October 2019, the EU Council formally adopted the new Whistleblowing Directive that will guarantee whistleblowers EU-wide standards of protection. The Directive obliges both public and private organisations and authorities to set up secure reporting channels, so that whistleblowers can report violations of EU law as safely as possible. Member States have two years to transpose the rules into national law.

The main elements of the new legislation are:

  • Companies with more than 50 employees and national and regional administrations and local municipalities with more than 10,000 inhabitants will be obliged to set up secure reporting channels. They will
Continue Reading

German court: Protection of whistle-blower confidentiality does not generally override the data subject access right

On the scope of subject access requests under the EU General Data Protection Regulation (GRPR) in the context of compliance and whistle-blowing regimes, the Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance and behavioural data, but also to disclose information regarding internal investigations. This is the first reported successful enforcement of a data subject access right under Article 15 GDPR before a regional labour court in Germany. (The judgment was handed down on 20 December 2018 but has just been published … Continue Reading

Vicarious liability in the data breach context – bad news for UK employers

The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer. This decision is significant as it means a company can be held liable to compensate affected data subjects for loss caused by a data breach, even where the company has committed no wrongdoing and regardless of the employee’s motive.

In reaching this conclusion, the Court of Appeal confirmed that the Data Protection Act 1998 (DPA) does … Continue Reading

RGPD : nouveau facteur de risque en droit social?

Le règlement général sur la protection des données (« RGPD ») est entré en vigueur le 25 mai 2018. Il modifie la législation antérieure sur le traitement des données personnelles en supprimant notamment le principe de déclaration préalable à la CNIL. Cette déclaration est remplacée par une obligation pour l’entreprise de démontrer la conformité de ses systèmes de traitement des données, notamment par la nomination d’un délégué à la protection des données et l’obligation de notifier les violations de données. Les sanctions liées au non-respect de cette réglementation ont de quoi faire frémir les directions juridiques puisque les amendes que … Continue Reading

The GDPR – What does it mean for Employers?

You cannot fail to have noticed that the GDPR (General Data Protection Regulation ((EU) 2016/679)) came into force today.   The Data Protection Act 2018 received Royal Assent on 23 May and ensures that the standards set out in the (GDPR) have effect in the UK.

The GDPR affects the processing of employment data – but what does this actually mean for employers?

Changes to contracts of employment

Many existing contracts of employment will contain clauses giving consent for employers to process their employees employment data. As a result of the GDPR the conditions for obtaining consent to processing of data … Continue Reading

LexBlog