August News Roundup 2018

Supermarket legally responsible for employee data leak

Morrisons was found responsible for leaking thousands of employees’ data. The data was posted online by former senior internal auditor, Andrew Skelton. He posted information such as names, addresses, bank accounts and salaries, exposing Morrisons’ current employees to the risk of identity theft and financial loss.

The reason for stealing the employee data may have been a grudge over an incident when he was blamed for dealing legal highs at the workplace.

Skelton was found guilty and jailed for eight years. The company was responsible for breaches of privacy, confidence and data protection laws.

Responding to the misuse of employee data has already cost Morrisons more than £2m.

 

Two companies sentenced after worker falls from height

Principal contractors Jeff Payne and Brewsters (Poole) Ltd have been fined after 32-year-old self-employed builder, Jamie Butler, fell from height while at work.

Butler was working on a project with unsecured scaffolding. This resulted in a 2-metre fall causing a broken wrist and collarbone, along with injuries to the head and lower back which required an operation. Both companies pleaded guilty.

Jeff Payne was issued with a 60-hour community service order and ordered to pay costs of £1,125.

Brewsters was fined £2,700 and ordered to pay costs of £1,125. HSE inspector Nicole Buchanan said: ‘This incident could so easily have been avoided by simply carrying out correct control measures and safe working practices’.

 

Employee wins unfair dismissal court case

A Sainsbury’s employee, Kurmajic, was wrongly dismissed because of his comment on a Facebook post. Kurmajic’s colleague had posted photos of a driver’s car stuck on a ramp.

When Kurmajic saw the picture, he posted the name, age and car registration number of the driver in an attempt to question the driver’s capability to drive. During the suspension hearing with the store manager, Kurmajic claimed he would not do it again. However, notes from the hearing suggested he would post again if given the chance. He was dismissed following the hearing.

The store manager claimed Kurmajic hurt the company’s reputation. Kurmajic appealed internally, insisting that he did not breach the social media policy. The policy referred to ‘customers’ but it was unclear whether the driver was a customer or not. He also claimed that he should have received training regarding the company’s policies.

The judge ruled that the store manager was careless and not familiar with the contents of the policy himself. He should have considered an alternative other than dismissal as there was no proof of damage to the brand.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.
