Blog

Our new online Data Protection training course is launched

As per our teaser in our December newsletter, we are delighted to announce that our new online data protection training course is now available to your business.

We have designed this course to meet the requirement of the GDPR that all employees who have access to any personal data, regardless of their role, need to be aware of their data protection responsibilities.

Our training course will assist with your GDPR compliance by giving your employees the information and understanding they need to manage personal data correctly during their day to day activities.

Key features:

• Introductory course for staff who deal with or have access to personal data within their job role.
• Six easy to follow sections which include a learning objective, practical examples, test exercises and conclude with a test.
• Quick to complete, typically under one hour, but can be paused and restarted as necessary.
• Unique logins allow you to track who has accessed and completed the training.
• The training log provides evidence of compliance.
• Pricing is per user per year, and there are no initial set-up fees.
• A certificate is provided once the tests have been satisfactorily completed.

Data breaches where data protection training is absent will incur higher fines, so please do not ignore this […]

By |January 29th, 2019|Blog|0 Comments|

BREXIT thoughts

I our last issue I promised the start of a guide to some of the implications of Brexit.  It seems increasingly likely that there will not be a ‘hard’ Brexit and therefore most of the planning needs to be timed for 31 December 2020, when we will, under the draft agreement, leave the single market.

Of course, anything might happen, but what is the prudent advice with regard to the legal issues?  Whatever flavour of exit takes place, there will be some level of disruption to physical trade.  This may fall within force majeure and may excuse contractual performance of one of the parties in a supply chain. Force majeure can allow one party to escape from a contract when something unforeseen happens – usually events like strikes and floods. This could affect all of us.

Another area that will be affected is the ability of business to charge different prices in different markets.  This is currently outlawed across the EU, but once we have left, will mean that the UK price of goods or services could be entirely different to that charged in the EU.

The area close to our heart is trade marks and the loss of our right to act in Europe. This […]

By |January 29th, 2019|Blog|0 Comments|

Data Breach Reporting

We all now know there is a maximum time for reporting breaches of 72 hours.  However, it seems many have not decided what to do as a first step when there is a suspected breach.  Those who have had our advice on GDPR will have a procedure.  Nevertheless, the simple answer is to call us – we will answer whatever the time or day.  To quote a client, “I wish I had called you first – I will next time”.

By |January 29th, 2019|Blog|0 Comments|

Mental Health in the Workplace

10th October 2017 was World Mental Health Day, a day for showing support for better mental health. With one in four adults likely to have a mental health issues in any given year, people are becoming aware of the need to look after their own wellbeing.

Work pressures can have a significant impact on mental health. The World Federation of Mental Health, who promote mental wellness at work, recently reported that 6 out of 10 employees suffering with depression say that they hide the condition from their employer (as surveyed by Silver Ribbon Singapore).

In the UK, many employers are alert to the scale of poor mental health in the workplace, but accordingly to a new report, more still needs to be done. The Mental Health at Work Report 2017 is the second National Employee Mental Wellbeing Survey undertaken by Business in the Community (in partnership with YouGov) and it reveals that although there has been progress, many men and women with mental health issues suffer in silence in work, as they feel unable to seek help from colleagues or managers, for fear of prejudice and exclusion.

These fears are, to a large degree, prohibited under Employment Law (as discussed below) but in the report, which surveyed […]

Yet more changes to Data Protection Laws!

As if we didn’t have enough changes on the horizon in the world of Data Protection Law, the UK government has decided to add yet more to the mix with its recently published “DP Bill – Statement of Intent”. This statement aims to give some details about how the UK government intends to implement the data protection reforms both from Europe and its own new laws.

We already know that the General Data Protection Regulation will become UK law in May next year and since this is before the date that the UK leaves the EU, then we will have to prepare and comply with its requirements. The government has already said that it will ensure that the provisions of the GDPR remain UK post Brexit, a necessity for data transfers between the UK and Europe once it is no longer an EU member.

So why has the government now decided to put yet more legislation into place? Well, this bill adds some details to questions that the GDPR has not yet answered. So, we know now that the government intends the age upon which a child can make their own decisions in relation to his or her data will be 13. The government has […]

By |August 24th, 2017|Blog|0 Comments|

New Rules for Online Content Providers – good news for consumers, but more headaches for app and website owners!

If you have ever tried to access your Apple music or Spotify account abroad, you have probably found that if either told refused you access for being “out of territory” or let you in only to kick you out again a few days later. Well the EU have come up with a solution to this problem with the “Regulation on cross-border portability of online content services”.

The regulation basically requires anyone operating an website/app which allows consumer to access online content in return for a fee, to access the same content in any other member state where they are temporarily resident.

There are some limits to this, the consumer must be a resident of a member state and the website/app owner can carry out reasonable checks on residency. The quality of the content does not have to of the same standard as that in the member state that the consumer resides, unless the website/app owners makes quality guarantees in its terms and conditions. If this is the case, then these guarantees must apply to content accessed across the EU. In addition, the regulation does not apply where the content is free, unless the website/app owners wishes to make it available.

Whilst this is great news for […]

By |August 24th, 2017|Blog|0 Comments|

PREPARATION FOR THE GENERAL DATA PROTECTION REGULATION: YES/NO checklist

There is an accompanying GUIDANCE NOTE which runs to 10 pages and is too large to include as part of a blog.  Please contact Tracey Wakelam at  TraceyWakelam@www.probertlegal.com to get your free copy.

 

Awareness and Training
Notification to the board of the GDPR and its implications
Appointment of senior staff with DP responsibilities
Do we need to appoint a DPO?
Reporting structure for DP compliance
Will any budget or further budget be allocated?
Roll out general DP training for all staff
Is any additional training required for staff with specific DP responsibilities
Procedure in place for new starters/refresher courses
 

 Identify what Personal Information is held

Can you Identify all systems where personal information is held?
If you cannot identify what personal information you hold – carry out a data protection audit
 

How did you collect the personal information and what do you do with it?

How did you collect the personal information? Have you documented this?
Under what condition in the GDPR will you be processing the personal information? Have you documented this?
What do you do with the information? Have you documented this?
Who do […]

By |April 24th, 2017|Blog|0 Comments|

Have your say on the GDPR Consent guidance!

The Information Commissioner’s Office (ICO) has just issued a draft version of their guidance on consent under the upcoming General Data Protection Regulation (GDPR). They have asked for any comments or input on the guidance to be sent to them by 31 March 2017.

The draft guidance gives further detail on what the ICO will expect organisations to be doing in order to properly obtain consent to process personal data. Amongst other issues, the draft guidance makes it clear that pre-ticked boxes will no longer meet the requirements of consent, as the consent needs to be unambiguous and requires a clear affirmative action.

The ICO also emphasises how important it is to keep good records of consent and to check that existing consents meet the new requirements after May 2018. If an organisation is unable to meet the new requirements for consent, then they should be looking to see if they can met another lawful basis for processing personal data under the GDPR.

If you want to have your say on the guidance, the consultation and draft guidance can be found here.

The GDPR is going to be the biggest change to data protection laws since the Data Protection Act came into force in 1998. If […]

By |March 8th, 2017|Blog|0 Comments|

Gender Pay Gap Reporting – Guidance published

Draft guidance on how to manage gender pay reporting in the private and voluntary sectors has been produced by the Government and ACAS. It can be found here.

The aim of the guidance is to help employers meet their duties under the new gender pay gap reporting obligations, which were brought in by the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017 (The Regulations). The Regulations are due to be brought into force on 6 April, and provide that employers with at least 250 employees must calculate and report the difference between men’s and women’s average hourly pay.

The guidance sets out four steps which employers should follow to ensure compliance with the new Regulations, namely:

  1. Extract the ‘essential information’ (i.e. the pay, bonuses and weekly working hours) of its male and female employees
  2. Carry out the calculations necessary to assess the (mean and median) gender pay gap
  3. Make a supporting statement to confirm that the published information is accurate; and
  4. Publish the gender pay information.

It also sets out a fifth step, which is does not specifically relate to an obligation under the Regulations, but is considered by both the Government and ACAS to be ‘best practice’:

  1. Implement plans to manage the […]

Case Study – Employer vs. public provider expectations

In a recent decision by the Supreme Court, a bus operator’s policy regarding the wheelchair space on its buses was held to be in breach of the duty to make reasonable adjustments under the Equality Act 2010. The court considered that it was not enough to instruct drivers simply to request non-wheelchair users to vacate the wheelchair space if it was required by a wheelchair user, and do nothing further if the request was rejected. Instead, some further step to pressurise the non-wheelchair user to vacate the space should have been considered.

The duty to make reasonable adjustments, as considered by the Supreme Court, was that set down in S.20 of the Equalities Act 2010, which applies to employers. However, there are differences which may limit the effect of the decision on employment cases. When considering what was “reasonable” the court felt the fact that the bus operator (First Group Plc) had little to no means to compel an uncooperative passenger to vacate the wheelchair space. By contrast, an employer generally has a much greater degree of control over its employees, and can compel them to comply with any reasonable adjustments it puts in place. In practice, this means that what can reasonably be […]