Covid-19 is presenting unique and unprecedented challenges for employers who have to grapple with often complex HR and data protection related issues in a rapidly escalating crisis. Employers are anxious to ensure continuity of their business, the health and safety of their employees and compliance with data protection obligations where these arise.

Our Employment and Data Protection teams have been advising employers on these issues for a number of weeks and have collated responses to a number of frequently asked questions to assist employers at this time.

 
Continue Reading COVID-19: Top 10 Employer FAQs

The Minister of Finance has passed new Regulations, the Data Protection Act 2018 (section 60(6)) (Central Bank of Ireland) Regulations 2019, permitting data subjects’ rights under Articles 12-22 and Article 34, and controllers’ obligations under Article 5 GDPR, to be restricted to the extent necessary and proportionate to allow the Central Bank of Ireland (CBI) to carry out certain functions.
Continue Reading New Regulations permitting Central Bank to restrict individuals’ data protection rights

The European Data Protection Board (EDPB) has published its Annual Report covering the period from 25 May – 31 December 2018.  It provides an overview of the EDPB’s activities last year, and discusses the areas it intends to focus on in 2019-2020.
Continue Reading EDPB Publishes Annual Report for 2018

The Data Protection Commission (DPC) has published its Annual Report for 25 May-31 December 2018. As always, the Report reveals some interesting statistics and case studies. In the coming months, the DPC expects to conclude a number of statutory inquiries, which it launched in 2018, into multinational technology companies with EU headquarters situated in Ireland. The DPC anticipates that the conclusion of those inquiries will provide precedents for better implementation of the principles of the GDPR across key aspects of internet and ad tech services. This briefing note sets out some of the highlights of the Report.
Continue Reading DPC publishes Annual Report for May-December 2018

The European Commission has published an infographic on compliance with and enforcement of the GDPR since from May 2018 to January 2019. The infographic reveals some interesting statistics, including:

• 95,180 complaints have been made to EU national data protection authorities (DPAs) by individuals who believe their rights under the GDPR have been violated. The majority of these complaints concerned telemarketing, promotional emails, and video surveillance/CCTV.

Continue Reading European Commission publishes statistics on GDPR enforcement activities

The UK Court of Appeal has dismissed an appeal against the High Court’s decision that Morrisons is vicariously liable to 5,000 employees for misuse of their personal data by a rogue employee.

The decision is causing shockwaves amongst businesses, as it shows that a company may be held vicariously liable for a data breach caused by an employee, even if the employee’s motive in committing the breach was to harm the company (Wm Morrisons Supermarkets Plc v Various Claimants [2018] EWCA Civ 2339).

The amount of compensation to be awarded has yet to be determined. The Court of Appeal …
Continue Reading Court of Appeal confirms Morrisons’ vicarious liability for deliberate data breach caused by employee

Speaking at A&L Goodbody’s breakfast seminar, ‘GDPR – The Last Lap‘, Anna Morgan, Deputy Data Protection Commissioner, has warned that companies who ‘over-report’ and adopt an overly conservative approach to the GDPR’s breach notification requirements may risk enforcement action from the Data Protection Commission (DPC).
Continue Reading Over-Reporting Data Breaches to Data Protection Commission may result in enforcement action, warns Deputy Data Protection Commissioner