Trevor Gibson

GDPR Breach Attracts £44Million Fine

Regular readers will recall that in our article on GDPR compliance back in May 2018 one of our key recommendations was that, where you intend to process personal data, you properly identify your legal basis for doing so (in addition to ensuring that you record the fact that you have done so). You can read the full text of that piece here: http://www.heminsleylaw.com/data-protection-gdpr-hr-compliance/

Eight months on, following a complaint made on the very day that GDPR came into force, the Regulator has found that Google failed to comply with its terms. In this case the French equivalent of the UK Data Commissioner, CNIL, fined Google £44 million for a lack of transparency (by failing to ensure that users' consent to the processing of their data was properly informed) and for processing personal data without an appropriate legal basis for doing so.

In essence the case concerned the manner in which Google collected data in order to personalise adverts pushed to their users and the manner in which GDPR regulates such transactions. The Data Regulator found that the individuals could not have given informed consent to Google processing the data because “essential data” was disseminated across several documents which were “accessible after several steps only, implying sometimes up to five or six actions”. As a result, they concluded that there was a lack of transparency (meaning that consent was not truly informed consent) because “users [were] not able to fully understand the extent of the processing operations carried out…”

The instant case, of course, was not brought in relation to employee data but rather in respect of users of Google’s services. The GDPR lessons which the company has learned, however, apply equally to employers. In short, ensure you provide a privacy notice detailing how, in each case, you are processing your employees’ personal data. In addition, where the legal basis for that processing relies upon the consent of an individual, ensure that such consent has been provided on a properly informed basis. Failure to do so is sure to lead to employers facing similar fines in the UK.

Read the BBC’s article on the case here: https://www.bbc.co.uk/news/technology-46944696