Data Protection in the Workplace – What you need to know in 2020

Posted in : Supplementary Articles NI on 12 March 2020
Legal Island
Legal Island
Issues covered:

In the past two years since the GDPR became law, we have published dozens and dozens of news items on data protection developments in Northern Ireland – mainly in our weekly review of developments emails we send out every Friday. Here is a list of updates so far from 2020:

How AI Is Helping Bradford NHS Trust Through Winter Pressures

Technology is helping to create bed capacity and keep surgery on schedule at Bradford NHS trust. Gill Hitchcock, Public Technology, reports on what this means for patients and staff in what is typically a busy time of year. 

Read more here

Home Office Body Takes Evidence on Ethics of Police Use of Facial Recognition

An arms-length body of the Home Office is to gather evidence on the ethics of police forces working with private companies on the use of live facial recognition (LFR) technology. 

More here

Top Legal Aid Earners No Longer Published Out of GDPR Concerns

The law firms and barristers earning most from legal aid in Northern Ireland are no longer being named out of concerns about GDPR rules. 

More from Irish Legal

International Airline Fined £500,000 For Failing to Secure Its Customers’ Personal Data

The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data. 

More from the CIO

Belfast Company Flags Data Breach Hitting Thousands

The details of more than 4,500 people were published on the website of a new parking app. The discovery on the corporate section of the JustPark system was made by a Belfast business owner.  Names, email addresses, mobile numbers, car makes and registrations from across the UK were all made available. 

More on this from the BBC

Government to Ask Suppliers to Sign Up to AI Standards

Government suppliers of artificial intelligence will be required to adhere to standards covering areas such as ethical usage and explainability, PublicTechnology understands.  The Committee on Standards in Public Life this week published a report examining the potential impact of AI on the public sector and the delivery of citizen services.

More here

Joint Statement for FCA-Authorised Firms and Insolvency Practitioners

Joint statement from the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and the Financial Services Compensation Scheme (FSCS).  We are aware that some FCA-authorised firms and insolvency practitioners (IPs) have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully.  This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS.

More from the ICO

Detailed guidance on subject access requests published

Click here to read this

Travelex cyber ransomware case shows the importance of service contracts

Click here to read this

Natural for insurers to clarify cyber cover

Click here to read this article

London pharmacy fined after “careless” storage of patient data

The Information Commissioner’s Office (ICO) has fined a London-based pharmacy £275,000 for failing to ensure the security of special category data. Doorstep Dispensaree Ltd, which supplies medicines to customers and care homes, left approximately 500,000 documents in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, NHS numbers, medical information and prescriptions belonging to an unknown number of people. Some of the documents had not been appropriately protected against the elements and were, therefore, water damaged.

Read more

Several thousand Aviva customers receive an apology after the insurer mistakenly called them all Michael

The company, which has millions of customers, blamed a "temporary technical error" for the incorrect emails.  It stressed that the wrong name in the email greeting was the only mistake and no personal details had been compromised. 

More on this from the BBC

A Guide to Using Artificial Intelligence in The Public Sector

This guidance is for organisation leads who want to understand the best ways to use AI and/or delivery leads who want to evaluate if AI can meet user needs.  It has been produced by the Office for Artificial Intelligence and is available here

ICO statement on Data Protection and Brexit Implementation – What You Need to Do

The UK left the European Union on 31 January and entered a Brexit transition period.  During this period, which runs until the end of December 2020, it will be business as usual for data protection. The GDPR will continue to apply.

A full suite of Brexit guidance and materials, to enable you to prepare for all scenarios, is available here from the ICO

ICO Publishes Code of Practice to Protect Children’s Privacy Online

The Information Commissioner’s Office has published its final Age Appropriate Design Code – a set of 15 standards that online services should meet to protect children’s privacy. 

More on this from the ICO

Maximum Fine Levied for Data Breach

The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

Click here to read more


Data Protection developments and the impact of the GDPR will continue to grow and we’ll bring you all the latest important updates in our weekly reviews every Friday.

In the meantime, you might also be interested all-staff data protection and cyber security training. A combination of human error and cyber attacks are often at the heart of data breach incidents. Annual data protection and cyber security training are essential and recommended by the ICO to raise awareness amongst staff, to help them identify and avoid potentially harmful online risks such as phishing, ransomware and email scams. Find out more below about our eLearning courses.

Training Resources

Did you know Legal Island offer eLearning training courses in Data Protection in the Northern Ireland Workplace and Cyber Security in the Northern Ireland Workplace?

Data Protection in the Northern Ireland Workplace

Legal Island’s Data Protection in the Workplace eLearning course is tailored specifically to provide your employees with comprehensive training and you with an evidence trail for the ICO, should a data breach occur.

Click here to learn more about this course

Click here to view a free demo

Cyber Security in the Northern Ireland Workplace

It is vital that your employees have an understanding of the importance of cyber security and the dangers which may be present in your workplace. Legal Island’s Cyber Security in the Workplace eLearning course is tailored specifically to Northern Ireland law and provides comprehensive compliance training for all employees on cyber security practices in the workplace.

Click here to learn more about this course

Click here to view a free demo


This article is correct at 12/03/2020

The information in this article is provided as part of Legal-Island's Employment Law Hub. We regret we are not able to respond to requests for specific legal or HR queries and recommend that professional advice is obtained before relying on information supplied anywhere within this article.

Legal Island
Legal Island

The main content of this article was provided by Legal Island. Contact telephone number is 028 9446 3888 / 01 401 3874 or email

View all articles by Legal Island