Data protection

Type:: How to

How to respond to subject access requests from employees under the UK GDPR

Updated to reflect the ICO's guidance on fees to cover the cost of responding to manifestly unfounded or excessive requests.

Type:: FAQs

Can an employer require employees to be tested for coronavirus (COVID-19)?

Type:: FAQs

Can an employer inform its staff if a colleague has tested positive for coronavirus (COVID-19)?

Type:: Employment law cases

Supreme Court: Employer not vicariously liable for rogue employee's data breach

In WM Morrison Supermarkets plc v Various claimants, the Supreme Court held that the employer is not vicariously liable for an employee's deliberate personal data breach because the employee was not engaged in furthering his employer's business but was pursuing "a personal vendetta".

Type:: Policies and procedures

Processing special category personal data and criminal records data policy

A model policy to comply with the obligation to have an appropriate policy document in place when processing special category personal data and criminal records data. The policy complies with the General Data Protection Regulation (GDPR).

Date:: 29 October 2019
Type:: Podcasts and webinars

Podcast: Covert recordings at work

We discuss the legal and practical issues that arise through covert recordings at work.

Type:: Policies and procedures

Vehicle tracking policy

A model policy to inform employees of the reasons for the use of tracking and telematics devices in your organisation's vehicles, the type of data collected and the way in which it is processed.

Type:: Employment law cases

Covert CCTV surveillance of Spanish shop workers did not violate right to privacy

In López Ribalda and others v Spain, the European Court of Human Rights held that Spanish shop workers' right to privacy was not violated when a supermarket secretly installed hidden cameras to monitor employee thefts.

Type:: Policies and procedures

Use of CCTV policy

Updated to include information on López Ribalda and others v Spain, concerning the installation of hidden cameras to monitor employee thefts.

Type:: Letters and forms

Letter refusing subject access request or asking for administrative fee

Updated to flag up ICO guidance on the definition of a manifestly unfounded" or "excessive subject access request.

Topics

Subtopics

New and updated

How to respond to subject access requests from employees under the UK GDPR

Can an employer require employees to be tested for coronavirus (COVID-19)?

Can an employer inform its staff if a colleague has tested positive for coronavirus (COVID-19)?

Supreme Court: Employer not vicariously liable for rogue employee's data breach

Processing special category personal data and criminal records data policy

Podcast: Covert recordings at work

Vehicle tracking policy

Covert CCTV surveillance of Spanish shop workers did not violate right to privacy

Use of CCTV policy

Letter refusing subject access request or asking for administrative fee

About this topic

Data protection: key resources

GDPR resource round-up

Employment law guide: Data protection

Data protection policy

How to manage the retention of employee data under the GDPR

Data protection impact assessment form

Employee privacy notice

Data protection: quick links

Policies and procedures

Letters and forms

How to - practical guidance

FAQs

Podcasts and webinars