
Access To Personal Data – Do You Have A Valid Business Reason? – Data Protection




We live in a world that runs on data. Every time we sign up for
a new service, buy a product online or even sign up for a
newsletter, we leave a data trail behind. By law, we have some
level of control over how companies use our data and have measures
at our disposal to request they delete the data they hold, in
certain circumstances.

Importantly, for the companies and institutions that hold
information about us, there is protective legislation governing how
they use that data. The Data Protection Act 2018 requires
everyone to use data fairly, lawfully and transparently. Avoid
falling foul of the law by ensuring your staff understand when they
can and can’t access customer data.

The consequences of accessing data illegally

Individuals and businesses that fall foul of this legislation can
face costly legal proceedings and significant reputational damage.

Recently, a case went before the magistrates’ court where the
defendant was employed at South Warwickshire NHS Foundation Trust.
Christopher O’Brien pleaded guilty to unlawfully accessing the
medical records of 14 patients without a valid legal reason.

In this instance, the defendant accessed the records of people
known to him without a valid business reason or the knowledge of
the trust he worked for. This led to significant distress for the
victims and reputational damage for the NHS Trust.

The defendant was ordered to pay £250 in compensation to each of
12 patients, totalling £3,000.

The importance of training your staff to be data-aware

The above case is an unfortunate example of what can happen when
personal data is accessed without a valid business reason. While
you can’t control the actions of certain rogue individuals
24/7, you can ensure adequate training is given, minimising the
chances of data being accessed improperly.

For example, there are many instances where a business might
need to access a client’s data. However, the line between
accessing that data legally and illegally can be a very fine
one.

In a case where an architect is representing a client in
preparing some plans to accompany a planning permission
application, it might be required for the architect to access a
Google Street View or Google Earth image of the client’s
property for a visual representation of the land and building in
question.

However, if a receptionist at the architect’s firm looked
up the client’s residence simply out of curiosity to see what
the client’s house looked like, this would be an improper use
of personal data as there is no valid legal or business reason for
that person to access such information.

Advising your staff of these nuances could be the difference
between a compliant GDPR strategy and costly legal issues resulting
in reputational damage.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
