Data Protection Network Associates

Are you monitoring your employees, or planning to do so? There's lots of monitoring tech available, some of it AI-powered and there are lots of reasons why employers might want to monitor staff, such as; ◆ to check they’re working, ◆ to check when the arrived and finished work ◆ to detect and prevent criminal activity ◆ to make sure people are complying with internal policies ◆ to check their performance ◆ for safety and security reasons However just because we can, doesn't mean we should. While data protection law doesn't prevent employee monitoring, activities should be necessary, proportionate and respectful of people's rights. Organisations need to prevent any monitoring being excessive and/or overly instrusive. Here's a checklist of key considerations: ☛ https://lnkd.in/e23SZq4C #dataprotection #employeemonitoring #gdpr

Some data protection related nuggets from the new UK Government's first King's Speech. 🚩 A Digital Information and Smart Data Bill This is likely to include some (but not all) of the content of the previous Government's Data Protection and Digital Information Bill (DBDI) which failed to pass when the snap election was called. 🚩 A Cyber Security and Resilience Bill This is likely to give regulators more power to push companies to bolster their cyber protection. 🚩 What about AI? There is no mention of an AI Bill but the King's Speech confirms the Government's commitment to "seek to establish the appropriate legislation to place requirements on those working to develop the most powerful artificial intelligence models." So, for the time being it doesn't look like the UK will follow in the EU's footsteps with a comprehensive AI Act. https://lnkd.in/e7EpKWw9

In my experience organisations are not always clear about the need for extra measures when handling special category data. This distinct sub-set of personal data includes information which reveals: ✓ Racial or ethnic origin ✓ Political opinions ✓ Religious or philosophical beliefs ✓ Trade union membership PLUS ✓ Genetic data ✓ Biometric data (where this is used for identification purposes) ✓ Data concerning a person's health ✓ Data concerning a person’s sex life or their sexual orientation. If you infer, or make an assumption, about someone which falls into the above categories, this data may also count as special category data. There are specific obligations under UK GDPR and the Data Protection Act 2018 when collecting and using special category data. I've written more about why this data is considered special and the specific requirements here: ☛ https://lnkd.in/egvbr58J #gdpr #dataprotection #specialcategorydata

https://lnkd.in/dcFTWEPT?

Data protection law doesn't stop us sharing personal data with other organisations, but we need to be transparent about what we're doing, and factor in other the data protection principles. ☛ We've put together a handy data sharing quick checklist: https://lnkd.in/egqtTist #datasharing #dataprotection #datasecurity #gdpr

An article in the Telegraph peeked my interest, about a data breach suffered by the UK Conservative Party and it got me thinking about how so many breaches are caused by a lack of due process and carelessness. Reportedly in this case an error with an app led to the personal information of leading Conservative politicians – some in high government office – being available to all app users. It doesn't help instil confidence when this is the second breach suffered by the Tories in a month, but before we cast stones there are plenty of examples where other organisations have failed to take appropriate steps to make sure privacy and security are baked into their app’s architecture. There's a sound reason why the concept of data protection by design and default is embedded into data protection legislation. GDPR may have it's critics, but this is just common sense. A clear and approved procedure for new systems, projects and apps will go a long way to mitigate the risk of a breach and damaging headlines further down the line. ☛ Read more here: https://lnkd.in/ePBpupee #dataprotection #databreaches #dataprotectionbydesign

Fulfilling Data Subject Access Requests can be tricky, especially when we're faced with deciding whether it's reasonable or not to disclose the personal data of other individuals. A recent High Court Ruling (Harrison vs Cameron) has shed some light on two aspects of fulfilling requests: 1) The third-party exemption i.e. people are not entitled to receive personal data relating to others. 2) Requirements relating to providing details of the recipients the requester's personal data may have been shared with. The ruling makes it clear organisations should conduct a balancing test when considering whether it's reasonable to share personal data relating to others, or whether they can justifiably rely on the third-party exemption. ☛ Read more about the case here: https://lnkd.in/enZPmqqH #dsar #privacyrights #accessrequests #gdpr

We had a great discussion yesterday on data protection trends, emerging risks and areas data protection authorities are focusing in on. A big thank you to Steve Wood, Robert Bond, Eleonor Duhs and our very own Simon Blanchard You can listen back here... ⏩ https://lnkd.in/eF8R9yQB #dataprotection #gdpr #dataprotectionrisks

Organisations face an ever increasing list of necessary data protection related risk assessments - DPIAs for high risk projects, LIAs for legitimate interests, TRAs/TIAs for international data transfers and then of course assessing the risk of using AI. Robert Bond kindly shares his insight into the different types of assessments we need to consider, and the value of these ☛ https://lnkd.in/eT4S76c4 #riskassessment #dataprotection #dpia #datatransfers #airisks