All businesses need to understand their obligations to safeguard personal data under the Data Protection Act 1998 (the Act). Failure to do so can result in enforcement action and fines issued by the Information Commissioner’s Office. In addition, individual employees can make claims if they have suffered damage and distress as a result of a breach of the Act.
An increasingly common step taken by employees, (particularly those who have brought, or are intending to bring, an employment claim) is to make a subject access request (SAR) under the Act, requiring disclosure of all personal data held about that individual. Responding to such a request can be time consuming and complex, with many employers struggling to determine what material must be disclosed.
In addition, and subject to the outcome of the Brexit negotiations, the UK may soon be obliged to implement the EU General Data Protection Regulation (GDPR). This is a significant piece of legislation, overhauling the current regime and greatly enhancing the protections that employers need to put in place. It will also increase both the rights of data subjects, and the penalties for non-compliance.
TJD Law can assist with:
- Advice and guidance on data protection principles
- Guidance on preparing for the GDPR
- Drafting policies and privacy notices
- Responding to a subject access request
- Advice on legal privilege and disclosure obligations