GDPR – ICO guidance on legitimate interests

On 22 March 2018, the Information Commissioner’s Office (ICO) published guidance titled ‘Legitimate interests’.  The guidance is intended to assist organisations to decide when to rely on ‘legitimate interests’ as a lawful basis for processing personal data, and when an alternative ground should be considered. The guidance states: ‘There are some differences in wording [between the Data Protection Act 1998 and the GDPR], but the three key elements of the concept of legitimate interests remain the same:  a legitimate interest; a necessity test; a balance with individuals’ interests, rights and freedoms.’  The concept of ‘legitimate interests’ is not new, however some changes have been introduced under the GDPR, for example: Legitimate interests are no longer limited to a processor’s own interests or those of third parties to whom data is disclosed.  The interests of any third party, including the wider benefits to society should now be considered. There are new accountability and transparency requirements requiring documentation of the decision to apply a particular ‘lawful basis’ together with the justification. The transparency requirements require individuals to be informed up front as to which lawful basis (or bases) will be relied on, and if relying on ‘legitimate interests’ as a ground the individual must be informed what the legitimate interests are. The guidance states: ‘The ability of public authorities to rely on legitimate Read Full Article…

Newsletter Issue 90

The following articles are covered in this newsletter:

• Data protection: GDPR – ICO guidance on legitimate interests; GDPR – ICO guidance on conducting a DPIA; CCS publishes GDPR toolkit; Data Protection (Charges and Information) Regulations 2018
• Tax: Revised HMRC guidance on VAT cost sharing exemption
• Governance: Bribery Act 2010 – Adequate procedures defence
• Employment: Assessing the reasonableness of a conduct assessment; All cancers are deemed disabilities regardless of their severity; No compensation for injury to feelings if rest breaks are not given
• FAQ: GDPR Do we need to appoint a Data Protection Officer?
Read Full Article…

CCS publishes GDPR customer toolkit

On 13 April 2018, the Crown Commercial Service (CCS) published the GDPR Customer Toolkit Guidance (Toolkit). The Toolkit is aimed at customers of CCS (i.e.  those public bodies currently using CCS commercial agreements) and is intended to aid buyers in making the necessary changes to CCS call-offs (and other contracts) to comply with GDPR. However, it provides useful general guidance for all organisations processing personal data, together with steps to be taken by them. The toolkit includes: a contract change notice to reflect new data protection laws a Schedule for Processing, Personal Data and Data Subjects example terms and conditions to be adapted by the buyer i.e. variation to the framework agreement The Government has already issued procurement policy guidance on GDPR, setting out what the new specific terms are and how they should be used in public sector contracts.  This is contained in the  Procurement Policy Note (PPN) 03/17, which was published in December 2017.

Assessing the reasonableness of a conduct dismissal

The Supreme Court judgment of Reilly v Sandwell Metropolitan Borough Council [2018] UKSC 16 addressed the reasonableness of potentially fair conduct dismissals. A dismissal is fair if an employer can show that: the reason for the dismissal relates to the conduct of the employee, and in the circumstances (including the size and administrative resources of the employer’s undertaking), the employer acted reasonably in treating the conduct reason as a sufficient reason for dismissing the employee and to do so was fair in accordance with equity and the substantial merits of the case. In this case the employee was a headteacher of a primary school and had a close relationship with a man who was convicted of possessing indecent images of children.  She was dismissed following her failure to disclose that relationship to her employer.  The employer argued that this was a potentially fair dismissal on the ground of conduct (part A above) as disclosure of such a relationship was an implied term in her contract of employment.  To establish this conduct reason the employer pointed to the following evidence: Section 175(2) of the Education Act 2002 provides:  ‘The governing body of a maintained school shall make arrangements for ensuring that their functions relating to the conduct of the school are exercised with a view to safeguarding and promoting the welfare of Read Full Article…