Included in this Data Issues Round Up: Many councils not yet able to comply with GDPR and European court overturns ruling on sacking of employee over private messages. Read more...

United Kingdom

Many councils not yet able to comply with GDPR

A freedom of information request by M-Files to all 32 London boroughs and 44 other local authorities has revealed nearly 70% of Councils are yet to comply with the right-to-be forgotten element of the data protection regulations.

This serious requirement of the GDPR is due to come into force in May next year. It will place onus on businesses to introduce better measures around data protection and controls, including how the Personally Identifiable Information of EU nationals is gathered, stored and shared.

Julian Cook, vice president of UK Business at M-Files, believes organisations should focus on implementing technology solutions that streamline personal data management in their preparations for GDPR.

Last month, it was also discovered that 82% of councils had still not assigned any budget towards making sure they comply with GDPR.

European court overturns ruling on sacking of employee over private messages

The European Court of Human Rights (ECHR) has ruled, Bogdan Mihai Barbulescu, a Romanian engineer, should not have been sacked in 2007 for sending private messages at work via the Yahoo messaging system.

Mr Barbulescu's employer had used surveillance software to monitor his computer activity, reading messages he sent to his brother and fiancée from an account he had set up for work purposes. The firm had rules in place which banned the use of online accounts.

In court, Article 8 of the European convention on human rights was relied upon by Mr Barbulescu. This guarantees respect for private and family life and correspondence.

The ECHR ruled that Barbulescu's right to privacy had not been "adequately protected" and he had not been warned in advance that his communications would be monitored.

Employers may now be forced to give staff more explicit warnings in fair processing notices if they want to monitor internet use, ensuring the employee is given adequate reasons for the intrusion. With the upcoming General Data Protection Regulations (GDPR) this is likely to bring an expectation for a more forthcoming approach to employee rights to privacy in the workplace in an effort to prevent ECHR attention in the future. 

Key Contacts

Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile