Tag archives: data protection

The new German Works Council Modernization Act

The “Act to Promote Works Council Elections and Works Council Activities in a Digital Working World” (Betriebsrätemodernisierungsgesetz – Works Council Modernization Act) came into force on June 18, 2021. The Act is intended to facilitate the activities of works councils and to strengthen the co-determination rights of works councils with regard to the use of … Continue reading

UK Pensions: Data transfers from the EU likely to continue uninterrupted

We’re pleased to report what looks like some good news for pension schemes on data protection. The European Commission has published a draft decision as to the “adequacy” of the UK’s data protection laws. If the draft decision is formally approved by EU Member States, this would allow personal data to flow from the EU … Continue reading

New EU rules for protection of whistleblowers

On 7 October 2019, the EU Council formally adopted the new Whistleblowing Directive that will guarantee whistleblowers EU-wide standards of protection. The Directive obliges both public and private organisations and authorities to set up secure reporting channels, so that whistleblowers can report violations of EU law as safely as possible. Member States have two years … Continue reading

German court: Protection of whistle-blower confidentiality does not generally override the data subject access right

On the scope of subject access requests under the EU General Data Protection Regulation (GRPR) in the context of compliance and whistle-blowing regimes, the Regional Labour Court (Landesarbeitsgericht) of Stuttgart decided that an employer was required not only to provide an employee with the records containing performance and behavioural data, but also to disclose information … Continue reading

Vicarious liability in the data breach context – bad news for UK employers

The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer. This decision is significant as it means a company can be held liable … Continue reading

RGPD : nouveau facteur de risque en droit social?

Le règlement général sur la protection des données (« RGPD ») est entré en vigueur le 25 mai 2018. Il modifie la législation antérieure sur le traitement des données personnelles en supprimant notamment le principe de déclaration préalable à la CNIL. Cette déclaration est remplacée par une obligation pour l’entreprise de démontrer la conformité de ses systèmes … Continue reading
LexBlog