Data protection

Type:: Policies and procedures

Vehicle tracking policy

A model policy to inform employees of the reasons for the use of tracking and telematics devices in your organisation's vehicles, the type of data collected and the way in which it is processed.

Type:: Policies and procedures

Use of CCTV policy

Updated to include information on López Ribalda and others v Spain, concerning the installation of hidden cameras to monitor employee thefts.

Type:: Employment law cases

Covert CCTV surveillance of Spanish shop workers did not violate right to privacy

In López Ribalda and others v Spain, the European Court of Human Rights held that Spanish shop workers' right to privacy was not violated when a supermarket secretly installed hidden cameras to monitor employee thefts.

Type:: Letters and forms

Letter refusing subject access request or asking for administrative fee

Updated to flag up ICO guidance on the definition of a manifestly unfounded" or "excessive subject access request.

Type:: Letters and forms

Letter refusing request for rectification of incorrect or incomplete personal data or asking for administrative fee

Updated to flag up ICO guidance on the definition of a manifestly unfounded" or "excessive rectification request.

Type:: Letters and forms

Letter refusing request for erasure of personal data or asking for administrative fee

Updated to flag up ICO guidance on the definition of a manifestly unfounded" or "excessive erasure request.

Type:: How to

How to manage the retention of employee data under the UK GDPR

Updated to reflect a change to the Disclosure and Barring Service's sample policy on handling DBS certificate information.

Type:: Employment law cases

Vicarious liability: Employer liable for data breaches by employee with "grudge"

In WM Morrison Supermarkets plc v Various claimants, the Court of Appeal held that the employer is vicariously liable for the criminal actions of an employee who disclosed the personal data of his fellow employees online.

Type:: How to

How to conduct an audit of HR personal data for the UK GDPR

Practical guidance on auditing HR-related personal data as part of an organisation's ongoing UK GDPR compliance efforts, including establishing the scope of the audit and understanding how the information collected can be used to identify compliance gaps.

Type:: Tasks

Topics

Subtopics

New and updated

Vehicle tracking policy

Use of CCTV policy

Covert CCTV surveillance of Spanish shop workers did not violate right to privacy

Letter refusing subject access request or asking for administrative fee

Letter refusing request for rectification of incorrect or incomplete personal data or asking for administrative fee

Letter refusing request for erasure of personal data or asking for administrative fee

How to manage the retention of employee data under the UK GDPR

Vicarious liability: Employer liable for data breaches by employee with "grudge"

How to conduct an audit of HR personal data for the UK GDPR

Draft a privacy notice for a worker under the UK GDPR

About this topic

Data protection: key resources

GDPR resource round-up

Employment law guide: Data protection

Data protection policy

How to manage the retention of employee data under the GDPR

Data protection impact assessment form

Employee privacy notice

Data protection: quick links

Policies and procedures

Letters and forms

How to - practical guidance

FAQs

Podcasts and webinars