Data protection – time to shift the focusLexLeyton
28 January is Data Privacy Day; ironically not something that is widely known.
Approaching two years since the inception of GDPR and its hard to escape the feeling that we are all just like Alice, tumbling down the rabbit hole into an all-encompassing dystopia.
Our smartphones notify us of the traffic between our location and destination, often before we set off. We are asked to review meals we have or venues we visit, seemingly just by having our presence detected there. Our steps, heartrate and even our breathing is monitored from our pocket or handbag. Smart speakers and Smart TVs and Smart watches monitor and process and predict seemingly every facet of our daily lives. At first the quirkiness may excite, yet the volume and depth of surveillance over our ‘private’ lives is not without a level of discomfort at times. That much is incontrovertible. Curiouser and curiouser.
Privacy in public
With such an arsenal of monitoring capability, legislation was absolutely imperative to answer questions around data privacy in the workplace. As a general rule, one cannot reasonably expect privacy in a public place. That said, the GDPR and Data Protection Act 2018 instilled a number of clear principles around how data is collected and managed at work. Cases in the senior domestic and even European Courts examine the scope of an employer’s right to pry/supervise. Very often, the judgements in these cases are so fact specific, it is difficult to draw any absolute or general conclusions from them.
On the flipside, the Information Commissioner’s Office (ICO) routinely issues fines to UK businesses for misusing or failing to properly secure personal data. Cold calling is the example which comes to many minds, yet large businesses such as EE and Bounty (the pregnancy/maternity one, not the chocolate and coconut one) have received substantial fines from the ICO in the past 12 months. Europe-wide, the problems and fines demonstrate a recurring theme.
Quite often, these fines are entirely avoidable through businesses seeking appropriate advice and taking necessary preventative steps.
Making sure your business is ready
All businesses, of any size and sector, should have a Data Protection Policy. Privacy notices issued are likely to address recruitment, employment, customer and contractor relationships.
A level of expert training around GDPR, particularly in the context of human resources and management, is another increasingly common tool to prevent mishaps.
Make sure your contracts and staff handbook are regularly reviewed and updated. From bespoke policies, privacy notices and tailored GDPR in HR training courses, we provide clarity and peace of mind.
For any UK businesses, if there is doubt about whether your business is ready, LexLeyton will provide a free review of your HR documentation and strategy to identify weaknesses in your data management.