Data Protection Update 2021

Data Protection Update 2021

Introduction - Why this event and why now?

Data loss and associated problems continues to be the most pressing and possibly even an existential threat to many organisations. The GDPR is beginning to really kick in as we approach the third year of its operation. Remote and home working have exacerbated the risks.

The pandemic created a sea change in working from home, the Office for National Statistics reporting that WFH employees increased from around 12% of employees in 2019 to 47% in 2020, with almost 90% of those saying they worked from home because of Covid-19 restrictions.

It seems such a long time ago (pre-covid) that in October 2019 The Court of Appeal established in the case of Lloyd v Google LLC that compensation is in principle capable of being awarded for loss of control of data, even if there is no financial loss and no distress. ‘Class’ or ‘representative’ actions on behalf of many claimants have been established. Is there an organisation in the UK that hasn’t had at least dozens of Data Subject Access Requests (DSARs)? Is there an HR department that hasn’t received DSARs in relation to grievances or other complaints, seemingly unrelated to the GDPR?

Why is this event important for YOU?

Covid-19 and WFH has transformed workplaces and the data protection landscape. Remote working makes recording meetings easy, for example. Cyber criminals are very happy – lockdown has seen a massive increase in phishing attempts. Moving from home to workplace by ‘hybrid’ workers also increases data protection risks.

We focus on the data protection issues that matter to employers and HR professionals – remote working, monitoring home workers, DSARs, grievance and disciplinary transparency, and minimising the risks of data breaches. We also have a session from the Information Commissioner’s Office looking at the data protection trends most likely to impact on employers.

After attending you will:

Have received a comprehensive update on data protection developments that affect employers in the UK and will have had ample time to question the ICO and other data protection experts. Our sessions will be filmed (with full participant DP permissions!), so that you can watch back after the event and check your understanding of developments.

Course overview/outline programme

We have FIVE terrific sessions this year:

  1. Remote Working, Monitoring Home Workers and Data Protection: Employers are permitted to supervise their employees, but how much is too much, and therefore unlawful? And what are the other data protection risks associated with home working that are less likely to occur in the office?
  2. Transparency in Disciplinary and Grievance Proceedings: What are the data protection barriers in the UK to openness in employment disputes? How transparent may an employer be and still avoid valid complaints under data protection laws?
  3. Are You Breach-Ready? Cyber Attacks, Data Breaches and Continuing Compliance. Data breaches in the UK are being reported to the ICO at the rate of 30 per DAY. A recent survey found that up to 88% of UK companies have suffered data breaches in last 12 months. If your data security is breached, you will possibly face mass claims for compensation. You will probably be the victim of an attack or breach at some stage, but what questions does the ICO ask when they investigate breaches? What do they expect to see in relation to your organisation’s readiness against a data protection breach?
  4. HR, Data Subject Access Requests and Data Cleansing: Employees and DSARs. When can employers refuse to provide information requested in a data subject access request? How might requests be limited? What information may lawfully be redacted or anonymised? HR Files - in the ‘old days’ HR professionals would do a spring clean of HR files – weeding out material that should be discarded etc.  Many HR files are now held online, so how do we spring clean virtual files and where does the information go? 
  5. ICO Update 2021 - Learnings, Trends and Lessons from the Regulator – The ICO provides a round-up of developments and new guidance expected by May 2021 that will impact on employers.

Who is it for?

This event is aimed at employers and HR professionals with data protection responsibilities and concerns.

When & Where?

This event will take place online between 9.15am and 1.00pm on the 25th May 2021 on the Newrow platform.

Price

Early Bird Rate: £185 + VAT (deadline Friday 7th May 2021 at 5pm)

Standard Rate: £225 + VAT

Save an additional £20 when you book and pay online when booking.

More about Newrow...

This event will be hosted on a Browser based platform named Newrow. In order to access the event correctly, you will need to use the Google Chrome browser. This is the only browser that will work, please do not use Internet Explorer, MS Edge or Mozilla Firefox. We understand that some IT policies may not allow downloading of new browsers, so if this is the case for you please use your own personal device to access the event and if you do not have Google Chrome installed, you can download it here - https://www.google.com/chrome/ or on the Google Play/App Store for tablets and iPads.

If you would like further information regarding your Browser please contact us at events@legal-island.com and we will be happy to discuss with you further.

Upon entering the event Newrow will prompt you to enter only your full name and email address, there is no need to register a password.

In association with: 

Pinsent Masons logo

 

 

Programme

9.15

Welcome and Introduction from Scott Alexander, Head of Learning & Development, Legal Island.

9.30

Remote Working, Monitoring Home Workers and Data Protection

Many of us have been working remotely since March 2020 and it’s likely that many will continue to do some form of hybrid working going forward. 

The pandemic created a sea change in working from home, the Office for National Statistics reporting that WFH employees increased from around 12% of employees in 2019 to 47% in 2020, with almost 90% of those saying they worked from home because of Covid-19 restrictions.

To compensate for the lack of oversight, some employers installed tracking software on laptops – they can log keystrokes, track internet use, or even take photos or videos to track time spent at home desks. How does this sit with an employee’s A.8 rights under the ECHR and their right to respect for their private and family life, homes and correspondence? Employers are permitted to supervise their employees, but how much is too much, and therefore unlawful? And what are the other data protection risks associated with home working that are less likely to occur in the office?

Laura Gillespie outlines the key data protection issues arising from remote working and the lessons learned.

9.55

Screen Break and Time to Send in Your Questions

10.00

Transparency in Disciplinary and Grievance Proceedings.

The Equality and Human Rights Commission in GB issued this guidance in 2020: “Be transparent about outcomes: Employers should take steps to ensure that they can tell complainants about the outcome of their complaints, even though this may involve disclosing personal data about the accused. Privacy notices and other documents may need reviewing to cover the disclosure of disciplinary outcomes.”

So:

  • What are the data protection barriers in the UK to openness in employment disputes?
  • How transparent may an employer be and still avoid valid complaints under data protection laws?
  • Can one data subject demand information on another in a disciplinary or grievance setting?
  • Do data protection laws really limit provision of documents that refer to two or more employees?
  • Where exactly does the balance lie between protection under the Data Protection Act for one employee and the right to know outcomes under the European Convention on Human Rights?

Paul Gillen explains and sets out relevant examples.

10.25

Screen Break and Time to Send in Your Questions

10.30

Panel Discussion and Questions with Laura Gillespie & Paul Gillen

10.45

Break – Stretch Your Legs, Get Away from the Screen, and we will see you in 30 mins

11.15

Are You Breach-Ready? Cyber Attacks, Data Breaches and Continuing Compliance.

Data breaches in the UK are being reported to the ICO at the rate of 30 per DAY. A recent survey found that up to 88% of UK companies have suffered data breaches in last 12 months. If your data security is breached, you will possibly face mass claims for compensation. You will probably be the victim of an attack or breach at some stage, but what questions does the ICO ask when they investigate breaches? What do they expect to see in relation to your organisation’s readiness against a data protection breach?  Laura Gillespie and Anna Flanagan share recent experiences of handling cyber attacks - from loss of laptops to ransomware encrypting all systems.

11.40

Screen Break and Time to Send in Your Questions

11.45

HR, Data Subject Access Requests, Deletion requests and retention periods:

A)     Employees and DSARs. When can employers refuse to provide information requested in a data subject access request? How might requests be limited? What information may lawfully be redacted or anonymised?

B)     Deletion requests and retention periods – what happens when employees and former employees make deletion requests? How long should you be holding onto employee data?

Anna Flanagan outlines an employer’s obligations in relation to requests for data or deletion from employees and data retention in personnel files and elsewhere for the modern HR system.

12.10

Screen Break and Time to Send in Your Questions

12.15

ICO Update 2020 - Learnings, Trends and Lessons from the Regulator,

Ken Macdonald, Head of ICO Regions.

12.40

Panel Discussion and Questions with Laura Gillespie, Anna Flanagan, and Ken Macdonald

1.00

Close

Testimonials

"I liked the presenters, I thought they were very well informed and kept the crowd going. I also liked the interactive nature of the event."

Amy Gilbride, Deputy Head of HR, AFBI

"The speakers were very knowledgeable and presented their information in a manner that made sense to a relative newcomer. I particularly liked the comprehensive welcoming package and the quality of the speakers."
Andrew Aicken, Corporate Information and Communications Officer, CCMS

"For me, GDPR is not the most exciting of subjects, however the three speakers managed to keep my interest throughout the day. I particularly liked the way the day was broken up between listening, Q&A and group discussions."
Jennifer Campbell, HR Manager, NILGOSC

"Very informative and gave working examples meaning it was easy to understand how to apply the regulations changes to my organisation."
Lorna Elliott, HR/Office Manager, Ulster-Scots Agency

"Very knowledgeable speakers and well-informed slides. Great opportunity to network."
Patrick Hanna Senior HR and Information Manager Business Services Organisation

"All speakers very knowledgeable and informed. Good practical examples given."
Pip Crook, Head of Corporate Services & Record Management , HSENI

"The event was instructive on the main aspects of the legislation and the speakers provided insightful and informed guidance."
Andrew Millar, Assistant Director of Judicial Appointments, Northern Ireland Judicial Appointments Commission

"Helpful tips and next steps towards GDPR compliance."
Siobhan Laverty, Director of Finance & Business Support (& Data Protection Officer), Simon Community NI

"The event was very informative and offered good insight on what GDPR means in a practical sense for my organisation."
Fiona Byrne, HR Support Services Manager, NIHE

"Clear comparisons between the current Data Protection principles and the new incoming GDPR, with Case Studies and practical examples used. The session at the end for Public Sector was very welcome."
Deirdre Allison, Training Consultant, Yearn2Learning Training

"Good overview of the new regulations, clear to see what steps we need to take next."
Robin Arbuthnot, Director of HR & OD, Simon Community NI

Presenters


  • Laura Gillespie
    Laura Gillespie Partner
    Pinsent Masons

    Laura Gillespie is a partner in the litigation & dispute resolution team and is based in Pinsent Masons' Belfast office. She handles a wide range of commercial disputes, to include contractual disputes, fraud, land disputes, judicial review and professional negligence.  Laura is a specialist in regulatory compliance, helping clients navigate through regulatory enforcement such as Data Protection, Environmental & Waste, Health & Safety, Modern Slavery and Internal Investigations for bribery and fraud.  Laura is recognised in both Legal 500 and Chambers & Partners.

  • Anna Flanagan
    Anna Flanagan Senior Associate
    Pinsent Masons

    Anna is qualified as a solicitor in Northern Ireland and the Republic of Ireland. She works as a Senior Associate in the Litigation & Regulatory Compliance team of Pinsent Masons, specialising in helping clients handle regulatory investigations and prosecutions to include Data Protection & Freedom of Information and Fraud. Anna also advises clients in relation to commercial litigation disputes, particularly litigation arising from Property and Energy matters.

  • Ken Macdonald
    Ken Macdonald Head of ICO Regions (Northern Ireland, Scotland, & Wales)
    Information Commissioner's Office

    Ken Macdonald joined the ICO in 2005 after a career as an economist in the higher education, private consultancy and local authority sectors.  Initially having responsibility for the Scotland office alone, he subsequently took charge of the office in Northern Ireland in 2009 and then the Wales office in 2016 under the title Head of ICO Regions. 

     

  • Paul Gillen
    Paul Gillen Partner
    Pinsent Masons

    Paul Gillen is a Partner in the employment & pensions team at Pinsent Masons LLP. Beginning his career in Human Resource Management, he spent more than 10 years working in a variety of HR roles including retail, construction, civil engineering, manufacturing and distribution.

    Paul is a Chartered Fellow of the Chartered Institute of Personnel & Development and is currently vice chair to the Northern Ireland Branch Committee. Paul is a member of the CBI Employment and Skills committee and a Visiting Professor to the School of Law at the University of Ulster.

Early Bird Offer

Save up to £40

Event details

Duration

9.15am - 1.00pm

Date

25 May 2021

Location

Newrow

Price

Early Bird Rate: £185 + VAT (deadline Friday 7th May 2021 at 5pm)

Standard Rate: £225 + VAT

Save an additional £20 when you book and pay online when booking.