Future of Work: Adapting to the democratised workplace

The new world of work: report warns of an unprecedented rise in workplace activism Across all sectors and geographies workers are becoming more vocal in articulating their views – about the workplace, their employer and about wider social issues – and increasingly holding organisations to account, enabled and amplified by social media. This trend is … Read more

UK: ICO announces first ‘mega fines’ for data breach under GDPR

In the last couple of days, the Information Commissioner’s Office has issued two notices of intent to impose the first ‘mega fines’ under the GDPR regime for data breaches by British Airways (for £183.39 milion) and Marriott International (for £99.2 million).  Both companies now have the chance to respond to the notices of intent, after … Read more

UK: right to privacy in relation to personal emails and WhatsApp messages

The European Court of Human Rights in Garamukanwa v United Kingdom has confirmed that the right to privacy can theoretically apply in relation to communications sent from a workplace email address, or which touch on both professional and private matters. However, in this case, the employee did not have a reasonable expectation of privacy in … Read more

Hong Kong: Data Access Request or Pre-Action Discovery in Disguise?

Employers control the extent of information that they provide employees – from how well they are meeting KPIs, to internal discussions about grievances, remuneration and disciplinary actions. In the majority of cases, employers have no obligation to provide to employees information setting out the basis for remuneration or disciplinary outcomes including information which is part … Read more

Compliance Check: China – changes to how employers handle personal data

The Chinese Cybersecurity Law (CSL) introduced in 2017 is the nation’s first comprehensive privacy and security regulation for cyberspace, setting out strict controls on companies operating in China over their online activities, data storage and handling of personal information. The National Standard (GB/T 35273–2017) provided detailed guidance on the collection, use and storage of personal … Read more

UK: DSAR ruling confirms that descriptions of the purposes of processing and recipients of personal data can be general, but actual identity of sources must be provided

The recent High Court judgment in Rudd v Bridle & J&S Bridle Ltd provides some useful guidance on subject access requests under the Data Protection Act 1998 (equally relevant to the new GDPR regime). Dr Rudd, a medical expert on exposure to asbestos, was the subject of a campaign by a lobbyist for the asbestos … Read more