Even more reasonable

With employers having a matter of weeks to implement reasonable measures to prevent sexual harassment at work to comply with the requirements of the Worker Protection (Amendment of Equality Act 2010) Act 2023, Handley Gill's consultants identify the steps employers should take to establish a sexual harassment prevention programme and associated data protection compliance measures. As Labour's Employment Rights Bill would expand the scope of the employer's duty to take all reasonable measures and to address threats posed by third parties, employers should consider voluntarily expanding the scope of their programme now.

Nicola Cain13 October 2024Human Rights, Discrimination, Equality Act 2010, Sexual Harassment Risk Assessment, Data Protection, UK GDPR, GDPR, DATA PROTECTION ACT 2018, Article 9 UK GDPR, Article 9(2)(b) UK GDPR, Schedule 1 Part 1 paragraph 1 Data Protection Act 2018, DPA 2018, Appropriate Policy Document, SPECIAL CATEGORY PERSONAL DATA, Special Category Data, Worker Protection (Amendment of Equality Act 2010) Act 2023, Employment Rights Bill, ECHR, European Convention on Human Rights, Article 8 European Convention on Human Rights, Article 14 European Convention on Human Rights, Article 10 European Convention on Human Rights, Bill 011 2024-25, ESG, Environmental Social & Governance, Environmental Social & Corporate Governance, Privacy Policy, Privacy Notice, Article 5 UK GDPR, Data Protection Principles, Data Minimisation, Lawful Basis for Processing, Accuracy, Duty to Prevent Sexual HarassmentComment

You Shall EU

Handley Gill's specialist data protection consultants consider the status of CJEU judgments in UK law after the Labour government intervened to prevent section 6 Retained EU Law (Revocation and Reform) Act 2023 from coming into force and amending the European Union (Withdrawal) Act 2018, and consider several CJEU judgments addressing the processing of special category personal data, the interaction between data protection and competition law, the conduct and balancing of legitimate interests assessments, data minimisation and the status of supervisory authority decisions.

Nicola Cain7 October 2024Data Protection, GDPR, EU GDPR, General Data Protection Regulation, Regulation (EU) 2016/679, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Retained EU Law, Retained EU Law (Revocation and Reform) Act 2023, European Union (Withdrawal) Act 2018, Section 6 European Union (Withdrawal) Act 2018, section 6 Retained EU Law (Revocation and Reform) Act 2023, Assimilated Law, BREXIT, CJEU, Data Controller, Data Minimisation, Supervisory Authority, Health Data, Article 9(1) GDPR, Article 9 GDPR, Article 9 UK GDPR, Article 9(1) UK GDPR, Legitimate Interests, Legitimate Interests Assessment, LIA, Article 6(1)(f) UK GDPR, Article 6(1)(f) GDPR, Commercial Interests, Advertising, MARKETING, Targeted Advertising, Behavioural Advertising, Personalised Advertising, Data Sharing, Necessity, C-446/21, C-621/22, C-21/23, C-200/23, SPECIAL CATEGORY PERSONAL DATA, Special Category Data, Sexual Orientation, Article 9(2)(a) GDPR, Article 9(2)(a) UK GDPR, Article 9(2)(e) GDPR, Article 9(2)(e) UK GDPR, Article 5(1)(c) GDPR, Article 5(1)(c) UK GDPR, Data Retention, C-507/23, Compensation, Damages, Article 82 GDPR, Article 82(1) GDPR, ApologyComment

Barely recognisable?

Handley Gill Limited’s consultants respond to the Information Commissioner’s consultation on the draft Biometric Data Guidance Phase 1. We call for clarity on the circumstances in which the deployment of biometric recognition technologies will be considered to be lawful, particularly in the context of employment and the workplace, confirmation that a Data Protection Impact Assessment (DPIA) will always be required when deploying biometric recognition technologies and inclusion of the benefits and risks of biometric recognition. Finally, we argued for greater clarity about the requirements for further processing of special category biometric data.

Britain's Got Talent's Got Problems

Handley Gill Ltd’s specialist consultants provide initial comment and analysis on The Sun’s report of David Walliams’ data protection claim against one of the co-producers of ITV’s Britain’s Got Talent, Fremantle Media, including the nature of the claim, potential defences and the sums being claimed. The claim arises from the the leak of a transcript of comments made by Walliams on set to The Guardian in November 2022.

Nicola Cain8 October 2023Data Protection, Personal Data, Data Protection Act 1998, GDPR, General Data Protection Regulation, DATA PROTECTION ACT 2018, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, Data Breach, Data Litigation, Sensitive Personal Data, SPECIAL CATEGORY PERSONAL DATA, S.2 Data Protection Act 1998, S.32 Data Protection Act 1998, Special Purposes Processing, Special Purposes Exemption, Journalism Art or Literature, Article 9 GDPR, Article 9 UK GDPR, Data Protection Offences, s.170 Data Protection Act 2018, S.170 DPA 2018, Right to Erasure, Right to be Forgotten, Article 17 GDPR, Article 17 UK GDPR, WM Morrison Supermarkets plc v Various Claimants [2020] UKSC 12, TLT v Secretary of State for the Home Department [2016] EWHC 2217 (QB), Sir Cliff Richard v (1) BBC and (2) Chief Constable of South Yorkshire Police [2017] EWHC 1291 (Ch), Article 33 GDPR, Article 33 UK GDPR, Personal Data Breach Record, Breach Log, Data protection impact assessment, DPIA, Legitimate Interests Assessment, LIA, Retention Schedule, Privacy Notice, Data Controller, Vicarious LiabilityComment

So you’ve been debanked…

Handley Gill’s data protection consultants consider the implications of the data subject access request (DSAR) submitted by Nigel Farage in the context of his de-banking dispute with Coutts & Co and its parent company Natwest, and advise how individuals can make a data subject access request (DSAR).

Nicola Cain30 July 2023Data Protection, Personal Data, GDPR, UK GDPR, General Data Protection Regulation, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, Article 15 GDPR, Article 15 UK GDPR, DATA SUBJECT ACCESS REQUEST, DSAR, SAR, Subject Access Request, Retained EU Law, Data Protection & Digital Information (No.2) Bill, Data Protection & Digital Information Bill, Data Protection Reform, Nigel Farage, Coutts & Co, Natwest, Alison Rose, Information Commissioner, Information Commissioner's Office, Data Regulation, Data enforcement, Financial Conduct Authority, FCA, ICO, AML, Anti-Money Laundering, Know Your Customer, KYC, Banking, Financial Services, Data Processing, SPECIAL CATEGORY PERSONAL DATA, Political Opinions, Religious or Philosophical Beliefs, Article 9 UK GDPR, Article 9 GDPR, Peter Flavel, Politically Exposed Person, PEP, Money Laundering Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017, Money Laundering Regulations, (SI 2017/692), Freedom of Expression, Free Speech, Financial Services and Markets Act 2023, HM Treasury, Freedom of Speech, Discrimination, Protected Characteristics, Religion or Belief, Data Subject Rights, Data Subject Access Request, Retained EU Law (Revocation and Reform) BillComment

Pride 2023: Take pride in your processing

Effective data protection compliance measures can promote, empower and protect the LGBTQIA+ community and can not only assist organisations in identifying and eliminating discrimination, but also in supporting LGBTQIA+ individuals and enabling them to have their gender identity and sexual orientation recognised.

Nicola Cain26 June 2023DATA PROTECTION, PERSONAL DATA, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, GDPR, GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, SPECIAL CATEGORY PERSONAL DATA, SENSITIVE PERSONAL DATA, SEX LIFE, SEXUAL ORIENTATION, GENDER, PRIDE, LGBTQIA+, Inferred personal data, Data protection impact assessment, DPIA, Article 4(1) UK GDPR, Article 4(1) GDPR, Article 9(1) UK GDPR, Article 9(1) GDPR, Section 10 Data Protection Act 2018, S.10 Data Protection Act 2018, S.10 DPA 2018, Schedule 1 Data Protection Act 2018, Schedule 1 Part 2 paragraph 8 Data Protection Act 2018, Schedule 1 Part 2 paragraph 16 Data Protection Act 2018, Schedule 1 Part 2 paragraph 17 Data Protection Act 2018, Article 5(1)(d) UK GDPR, Article 5(1)(d) GDPR, Article 17 UK GDPR, Article 17 GDPR, Right to be Forgotten, Article 21 UK GDPR, Article 21 GDPR, Article 25 UK GDPR, Article 25 GDPR, Article 5(1)(c) UK GDPR, Article 5(1)(c) GDPR, Appropriate Policy Document, Data ControllerComment

You know how i feel

Handley Gill Limited, and its specialist data protection consultants, respond to the Information Commissioner’s (ICO’s) consultation on its draft ‘Employment practices and data protection: information about workers’ health guidance, which address the use of special category data concerning health in the context of maintaining sickness, injury and absence records, occupational health schemes, conducting medical examinations and testing (including drug testing) and other health monitoring.

Watch and learn

Handley Gill Limited, and its specialist data protection consultants, respond to the Information Commissioner’s (ICO’s) consultation on its draft ‘Employment practices: monitoring at work’ guidance, which addresses the lawfulness of the use of workplace monitoring and surveillance technologies in the workplace (whether office, home or remote working) and on workers’ devices.

Pile Up Ahead?

Handley Gill comments on the Government’s response to the ‘Data: A New Direction’ consultation, which previews the content of the forthcoming Data Reform Bill, and identifies other issues which would merit being addressed in the proposed legislation.

Nicola Cain7 July 2022Handley Gill LimitedPERSONAL DATA, UK GDPR, UK GENERAL DATA PROTECTION REGULATION, DATA PROTECTION ACT 2018, DPA 2018, PECR, PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, DATA: A NEW DIRECTION, DATA PROTECTION REFORM, BREXIT, NATIONAL DATA STRATEGY, CONVENTION FOR THE PROTECTION OF INDIVIDUALS WITH REGARD TO AUTOMATIC PROCESSING OF PERSONAL DATA, POLITICAL PROCESSING, ARTICLE 6 UK GDPR, SPECIAL CATEGORY PERSONAL DATA, SCHEDULE 1 DATA PROTECTION ACT 2018, ANONYMITY, ANONYMOUS DATA, ARTICLE 4(1) UK GDPR, THE COUNCIL OF EUROPE’S CONVENTION 108, THE COUNCIL OF EUROPE CONVENTION 108, PRIVACY MANAGEMENT PROGRAMME, DATA PROTECTION OFFICER, ARTICLE 37 UK GDPR, DATA PROTECTION IMPACT ASSESSMENT, DPIA, ARTICLE 35 UK GDPR, ARTICLE 30 UK GDPR, RECORDS OF PROCESSING ACTIVITIES, ARTICLE 36 UK GDPR, PRIOR CONSULTATION, ARTICLE 12(5) UK GDPR, MANIFESTLY UNFOUNDED OR EXCESSIVE, VEXATIOUS OR EXCESSIVE, ARTICLE 45(2) UK GDPR, INTERNATIONAL DATA TRANSFERS, ADEQUACY DECISION, S.17B(1) DATA PROTECTION ACT 2018, COOKIES, COOKIE CONSENT, REGULATION 6 PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, REGULATION 22(2) PRIVACY AND ELECTRONIC COMMUNICATIONS REGULATIONS, SOFT OPT-IN, MARKETING, INFORMATION COMMISSIONER, EXPERT PANEL, ENFORCEMENT, MONETARY PENALTY NOTICE, ARTICLE 15 UK GDPR, DATA SUBJECT ACCESS REQUEST, SUBJECT ACCESS REQUEST, BILL OF RIGHTS, EUROPEAN COURT OF HUMAN RIGHTS, UK SUPREME COURT, SUPREME COURT, EUROPEAN COMMISSION, COMMISSION IMPLEMENTING DECISION C(2021) 4800, Data Protection & Digital Information BillComment