This is the third instalment of our GDPR for HR FAQs series of mini blogs. In this blog, we consider whether organisations should update their employee handbooks.
It is difficult to find a public or private sector organisation that is not affected by data protection and the recent changes to data protection legislation. Any EU organisation that handles personal information about customers, employees, suppliers or other contacts is required to comply with the General Data Protection Regulation 2016 (“GDPR”) and, in the UK, the Data Protection Act 2018. Organisations based outside the EU but which process personal information relating to EU citizens must also do so in accordance with GDPR.
GDPR came into force on 25 May 2018 and we are continuing to assist businesses with their internal GDPR compliance programmes. Our aim is to break GDPR down into bite size chunks, reducing the impact on the day to day running of a business. With our help, businesses will be confident that they have the necessary processes, procedures and documents in place to achieve GDPR compliance.
We provide proactive support for organisations throughout Yorkshire, nationally and internationally, ranging from owner managed businesses to large corporate organisations and multinational PLCs. Our advice runs from the initial stage of conducting a data mapping exercise, through analysing the results of the data audit on a risk analysis basis and determining the extent of GDPR compliance, or failure to comply, to assisting the organisation with the steps it needs to take to achieve GDPR compliance. Those steps frequently include the production of bespoke internal and external policies and documents, provision of training and guidance notes and cooperation with third parties to update systems and procedures. We also advise businesses on the impact of GDPR on marketing initiatives, as well as the application of the Privacy and Electronic Communications Regulations 2003 to electronic direct marketing.
In addition, we provide reactive advice to organisations that have received requests from data subjects exercising their rights under GDPR, including subject access requests, and to organisations that have breached or are concerned they may have breached GDPR or the Data Protection Act 2018. We are able to provide advice quickly and efficiently to ensure the organisation is able to meet the strict breach notification timescales imposed by GDPR.
For up to date insight on GDPR please visit our GDPR blog page.
Employers have traditionally been legally responsible for the actions of their employees, under the principle known as vicarious liability. This principle can apply even where an employee’s actions are contrary to the instructions of the employer…
Following passage of the GDPR earlier this year, what information should organisations tell their employees about the personal data processed about them?
Welcome to the fifth instalment in our mini-series of blog posts on the General Data Protection Regulation ("GDPR"). GDPR provides individuals with greater rights over their personal information. This post highlights three principal r…
Welcome to the fourth instalment in our mini-series of blog posts on the General Data Protection Regulation. The blogs provide background to the GDPR and include tips to help you make sure your business has robust data protection processes and procedures …
Welcome to the third instalment in our mini-series of blog posts on the General Data Protection Regulation.
Welcome to the second instalment in our mini-series of blog posts on the General Data Protection Regulation.
Welcome to the first instalment in our mini-series of blog posts on the General Data Protection Regulation.
Autonomous or “driverless” vehicles are in tech-vogue, a movement perhaps exemplified by the rise of Elon Musk’s Tesla, Inc. Almost every major car manufacturer has invested in the research and development of autonomous vehicles, with be…
The impending shake-up of the data protection regime in Europe and the UK has become a hot topic for a number of businesses and sectors.
EU member states have agreed to unify data protection laws across the EU.
Today’s buildings are changing. They are more heavily serviced than ever before and the way in which they are developed needs to reflect this.
The International Chamber of Commerce (the “ICC”) has published a new, free to download cyber security guide to assist businesses with their approach to data security. The aim of the guide is to mitigate the risks associated with cybercrime.
Hold the phone! Consultation under way in an effort to increase the regulations surrounding unsolicited marketing calls
There are few people who haven’t been subjected to a “nuisance call”, whether it be selling pet insurance, advocating the benefits of double glazing that you just can’t do without or informing you of a PPI claim you are allegedly entitled to make.
One of the difficulties with cloud computing, and one of the reasons that various businesses and sectors (including the legal sector) are only just starting to realise the benefits of cloud computing, is that it means different things to different people.
Do you sell goods or services to consumers via the following channels: over the telephone; via the internet; ‘off premises’, e.g. at trade shows or at people’s houses? If the answer is yes then there are changes being brought in fro…
A briefing note relating to the recent judgment in UsedSoft GmbH v Oracle International Corp and, in particular, the effect of the case on the exhaustion of rights in software.
“Agile Software Development” is now seen by many as the preferred software development methodology. It is important to recognise how this approach to software development differs to traditional approaches and how to contract for it effectively.
Sarah Tahamtani, partner in the employment team at Clarion, offers advice about how small and medium sized businesses can avoid problems from the use of social networking.
The law surrounding internet cookies has become increasingly complex due to some intervention from Europe. Many people are unaware of what cookies are, when they are used, or what they do, but nevertheless, consumers will soon be required to …
Hertfordshire County Council (“HCC”) and A4e Limited (“A4e”) have received the first monetary penalties from the Information Commissioner (“IC”) for serious breaches of the Data Protection Act, both concerning the unint…