Employment law and protection breaches
Due to recent updates in Data Protection legislation, Data controllers are subject to increasingly stringent requirements and, potentially greater penalties by the Information Commissioner.
Data Controllers must now notify, the Information Commissioner within 72 hours of any data breach concerning personal data held by them, this means that employers need to give due consideration to who the Data Controller at the organisation is and they need to set up a contingency and reporting structure.
Employers are obligated to take a workplace data protection breach seriously. With legal and reputational risks increasing, employers may be tempted to discipline their workers for a breach, where liability can be proved and treat them as gross misconduct. This would allow the employer to dismiss without notice or pay in lieu of notice where such a breach is proven, providing that systems,
processes and training were in place at the time of the breach.
Preventing employee data breach
Employers should now be concentrating their efforts on prevention rather than cure when it comes to employee data handling and storage. This can be achieved by ensuring regular and dedicated training for relevant staff about legislation such as GDPR, and putting in place clear and properly communicated policies.
Employees need a very clear understanding of their obligations and responsibilities and business leaders should treat this area with the same
importance as Health & Safety. Companies should audit their Data security regularly and stress test their systems to ensure compliance with the law. They should also ensure that any 3 rd party agreements to share data are drafted in line with best practice.
Penalties for breach of data protection rules
The ICO has the power to impose exceptionally large fines in respect of the breach of data protection law as well as the right to issue enforcement notices restricting data use.
There are two tiers of penalty, with the maximum payable in the standard tier £8.7 million or 2% of annual turnover, whichever is higher. In the higher tier, the maximum payable is £17.5 million or 4% of annual turnover, whichever is higher.
Audit and information notices may also be issued, with a view to investigating any possible legal infringement.
Our data protection legal services
If your business is being investigated by the ICO, we will advise and guide you through the process, ensuring that your rights are upheld, and that the organisation does not exceed its authority.
In the event that you are required to provide information under a search order, information notice or assessment notice, we will ensure that only the requested information is provided and that we have details of exactly what has been copied so that we have a good understanding of the direction of the investigation.
If the ICO is considering criminal proceedings against you or your organisation, we will provide a robust defence, to include attending interviews under caution with you and representing you in court proceedings.
We can also represent you in respect of civil proceedings brought by a member of the public in respect of an alleged breach of their data protection rights.
If your business identifies a data breach, we can advise you in respect of the correct notification procedure and manage the process to ensure that all obligations are complied with.
Dealing with data protection matters is often complex and a breach can have far- reaching consequences for both the operation of your business and your reputation. We can intervene early on your behalf to minimise the damage caused and guide you through any investigation process.
We have an excellent track record of success in working with clients in respect of data protection investigations and litigation, with expert civil and criminal defence solicitors in Middlesbrough, Leeds and London who can step in immediately to advise and represent you.
For an initial discussion, ring us on 0113 532 8100 (Leeds), 01642 221 108 (Middlesbrough) or 0203 780 7646 (London) or fill in our Contact Form.