Whether you are a Data Controller or a Data Processor you have responsibilities under the General Data Protection Regulation (GDPR). A controller determines the purposes and means of processing personal data, whereas a processor is responsible for processing personal data on behalf of a controller and you are required to maintain records of personal data and processing activities.
Data Protection law and GDPR
On 25 May 2018 most processing of personal data by organisations will have to comply with the General Data Protection Regulation (GDPR). Preparing for the general data protection regulation – 12 steps that you should take now
Data Protection and Subject Access Requests
An increasing number of subject access requests have been made under the Data Protection Act 1998.
Subject access requests are used as tactical ploys as a way of putting pressure on the other side to disclose documents that would not otherwise be disclosable in litigation. Several cases have been
Notice period for termination of a contract
In the case of Newcastle’s NHS v Haywood (2017) EWCA Civ 153 the question of when does notice of termination of a contract take effect was considered. The best practice is for express provision in a contract of employment to specify when notice will be effective. The alternatives are common law principles that need consideration and the question to be asked is, when does contractual notice take effect on, 1. Posting of a letter 2. Delivery of the letter or 3. Communication of the notice to the employee so they are aware of it?
Confidential Information – Damages
Where two employees of a large asset management firm were sued for £15 million for taking confidential information, but the employer’s only recovered £2 (nominal damages). The reason for this is that the employees had made no use of the confidential information. Therefore the employer had suffered no losses – Marathon v Seddon [2017] EWHC 300. This serves as a useful reminder to employers suing former