EU: draft guidelines on GDPR extra-territoriality published

On 23 November 2018, the European Data Protection Board published its draft guidelines on Article 3 of the GDPR, being the provision that sets out the territorial scope of Europe’s data protection legislation. The GDPR seeks (via Article 3) to extend its reach beyond European borders, making non-EU organisations directly subject to its obligations when processing … Read more

UK: new resources on criminal record checks, mental health and dyslexia

Unlock has published new guidance for employers on criminal record checks, to which the ICO has contributed. The guidance states that checks at the application stage are unlikely to be necessary for most jobs and therefore likely to be a breach of the GDPR. In relation to checks at the job offer stage, the guidance … Read more

UK: first enforcement notice under GDPR shows extra-territorial reach

The UK data protection regulator, the Information Commissioner’s Office (ICO), has issued its first enforcement notice under the General Data Protection Regulation (GDPR). The notice is particularly noteworthy because it has been issued against a company located in Canada, which does not appear to have any presence within the EU. The ICO found that the … Read more

UK: Government’s white paper on future relationship and technical notes in the event of a Brexit no-deal

Over the summer the Government published its white paper on the future UK-EU relationship post transitional period, covering a wide range of issues including immigration and employment. On immigration, the Government stated that it recognises the importance of moving and attracting talent across Europe to support the global operations of UK firms and global investors. … Read more

APAC: Background Checks

This month, we consider whether employers can conduct background checks by way of social media/internet searches on prospective employees, focussing on the position in Singapore, Hong Kong, Japan and South Korea. Read more

Korea: Handling Employee Data

Under the Personal Information Protection Act (“PIPA”) any company which handles personal data will be deemed a ‘data handler’ and must comply with strict requirements. This includes employee personal data. Read more

Hong Kong: The Requirement of Being ‘Fit and Proper’

In many industries, it is a requirement that certain individuals performing regulated activities are, and remain, fit and proper. For example, these requirements will apply to certain individuals who are subject to the oversight of financial services regulators such as the Hong Kong Monetary Authority, the Securities and Futures Commission (SFC) or the Insurance Authority. … Read more