Data Subject Access Requests and Data Breaches seminar - Cardiff
- 30 January 2020
- 09:00-10.30
- Park Inn by Radisson, Mary Ann St, Cardiff, CF10 2JH
- Entry: Free
Event materials
Submit your details to request event materials
An increase in Data Subject Access Requests from employees and media coverage of data breaches (including the recent New Year’s Honours data breach) has seen data protection increasingly influencing the HR agenda.
Data subject access requests can come from anyone, but probably the most common and problematic are in an employment context. A disgruntled employee may, for instance, make a request to gather evidence for a claim or to increase pressure with the hopes of securing an exit package - and the GDPR has expanded the information that employers must provide.
Dealing with data subject access requests can be a headache. In addition to coping with the sheer volume of documents such requests can produce, overstretched IT or HR personnel need to work with new concepts (for example what is “manifestly excessive”?), apply legal doctrines (such as the law relating to privilege) and deal with complex issues (such as how to treat the data of third parties).
The GDPR also has a new regime of mandatory reporting and notification for data breaches. This could be triggered by something as simple as an employee sending an email to the wrong address, requiring employers to consider whether a data loss or data breach triggers the threshold for notification to regulators and whether data subjects should be informed.
In this update, we’ll look at the new GDPR subject access regime, key points to consider when you receive a request, how to deal with some of these complex issues in practice and provide guidance on spotting and handling some of the more “routine” data breaches.
If you have any queries, or a colleague who would like to attend, please contact events@lewissilkin.com.
Dealing with data subject access requests can be a headache. In addition to coping with the sheer volume of documents such requests can produce, overstretched IT or HR personnel need to work with new concepts (for example what is “manifestly excessive”?), apply legal doctrines (such as the law relating to privilege) and deal with complex issues (such as how to treat the data of third parties).
The GDPR also has a new regime of mandatory reporting and notification for data breaches. This could be triggered by something as simple as an employee sending an email to the wrong address, requiring employers to consider whether a data loss or data breach triggers the threshold for notification to regulators and whether data subjects should be informed.
In this update, we’ll look at the new GDPR subject access regime, key points to consider when you receive a request, how to deal with some of these complex issues in practice and provide guidance on spotting and handling some of the more “routine” data breaches.
If you have any queries, or a colleague who would like to attend, please contact events@lewissilkin.com.
Event speakers
Tom Ford
Managing Associate
I am a UK lawyer who advises on data protection matters from a risk and governance, workplace, and commercial perspective. Taking a ...
- +44 (0)20 7074 8373
- tom.ford@lewissilkin.com
Sean Illing
Managing Associate
I work in two main areas: data, privacy & cyber, and employment law.
- +44 (0)20 7074 8272
- sean.illing@lewissilkin.com
Related items
Related services
Data Subject Access Requests
17 November 2016A practical look at some of the complexities faced by professional services firms in handling DSARs from clients, former clients, employees and partners.