Welcome guest, please log in here   |    T +44(0)115 7180333   |   E   info@halborns.com

Archive

October, 2021

Data protection – pt.2 building your audit routines

Posted on: October 22nd, 2021 by Ginny Hallam

Last week we provided you with the initial building blocks for your data protection audit routines – below is the second instalment. 

Training – a key element to creating a culture conscious about data compliance, your audit routine will want to ensure everyone has had the relevant training (along with regular refreshers and records kept) so they’re up to speed with your policies, practices and what’s expected of them. We can support with data protection training – find out more.

Impact assessments – have you introduced a new computer system or marketing platform? You’ll need an impact assessment. Our data protection toolkit has extensive guidance for impact assessments – find out more.

Data subject access requests (DSAR) – maintain a DSAR log to ensure they’re being recorded and responded to appropriately. Keep track of deadlines, follow up actions and any requests you’ve made from the individual (requests for ID and admin fees, for example).

Privacy notices – they’ll need to be a regular feature in your audit routine to ensure they keep pace with your data processing practices and you’re communicating any updates necessary. You’ll find what you need in our previous updates.

In our next update, we’ll explore what great data protection training looks like.

Get in touch if you’d like to access our Data Protection Toolkit or need support carrying out an audit of your data protection practices. 

 

This update is accurate on the date it was sent (27 October 2021), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.

Proper consideration of flexible working requests

Posted on: October 22nd, 2021 by Ginny Hallam

Two recent cases (here and here) have shown that failing to give proper consideration to flexible working requests can give rise to successful sex discrimination claims.

Background

Both cases related to mothers returning from maternity leave and requesting to work flexibly to manage their child-caring responsibilities. The employers failed to provide evidence to show they’d given adequate consideration of the proposals, with the tribunal deciding this amounted to indirect sex discrimination in both cases.

Practical takeaways

Childcare disparity – women are recognised by tribunals as facing a childcare disparity. Failure to objectively assess and evidence why you’re unable to accommodate a request to work flexibly opens the door for arguments of discrimination.

Training – anyone responsible for making a decision on flexible working requests should have thorough training and a consistent system to enable them to identify, consider and respond appropriately to the request.

Trial – consider a trial if you’re unsure whether the proposal will work – capture the terms in writing so everyone is on the same page.

Facts and figures – any refusal should be supported by facts and figures. Simply saying ‘the costs will be too high’ leaves open arguments of discrimination.

With the government proposing a day-one right to request flexible working, a spike in requests is likely. Taking a proactive approach now can help you get ahead – here are our previous updates to help if you’re in a flexible working fix.

If you need support in managing future flexibility and flexible working requests, Intelligent Employment is here to help. Find out more.

 

This update is accurate on the date it was sent (26 October 2021), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.

Data protection – building your audit routines

Posted on: October 19th, 2021 by Ginny Hallam

Taking a proactive and consistent approach to your data compliance routines ensures you’re keeping a handle on the data you hold throughout the year. Below are our thoughts on the key building blocks for your audit routine.

Accountability – having someone in the business accountable for data protection will help to drive audit routines and build a culture conscious about data compliance.

Personal data register (PDR) – a requirement if you have over 250 employees, but highly recommended if you don’t! A well-maintained PDR will underpin your audit routines giving you a clear picture of all the data you hold and what you do with it. We’ve got a PDR template in our Data Protection Toolkit – find out how to access.

System security – employees should only have access to personal data necessary to fulfil the requirements of their role. Regular reviews of the safeguards you have in place will reduce the risk of unauthorised access and highlight where extra security measures might be required.

Third-party processors – review any agreements you have in place to ensure they’re up to date and still relevant.

We’ll provide pt.2 of our audit routine building blocks next week. Get in touch if you’d like to access our Data Protection Toolkit or need support carrying out an audit of your data protection practices. 

 

This update is accurate on the date it was sent (20 October 2021), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.

Party snub was maternity discrimination

Posted on: October 18th, 2021 by Ginny Hallam

You might not be ready to think about Christmas just yet, but with parties being booked, this case is a useful reminder of the importance of inclusivity.

Background 

The claimant was not invited to a Christmas party organised by her employer whilst she was on maternity leave. The employer stated that it did not occur to them to invite her as ‘it was not a proper party’. The employer had also failed to keep her up to date with the financial situation of the business which had led to her role being made redundant (which the employee was only informed of when planning her return from maternity leave).

The tribunal held she had been unfairly dismissed and discriminated against because she’d been treated unfavourably whilst on maternity leave.

Practical takeaway 

Communication is key – out of sight must not mean out of mind. It may not be the intention to exclude anyone from social events, but ensuring that everyone (including those on maternity leave) is kept in the loop and given the option to accept or decline will remove the risk of potential discrimination arguments.

Proactive plan – before an employee goes on maternity leave agree how they’d like you to stay in touch, be it email, calls, or text, and how frequently they’d like to hear from you (as and when things come up, or weekly / monthly updates, for example).

If you need advice or support in managing family-friendly leave – Intelligent Employment can help. Find out more.

 

This update is accurate on the date it was sent (19 October 2021), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.

Data protection – pt.2 is your privacy notice up to date?

Posted on: October 13th, 2021 by Ginny Hallam

Last week we shared our initial thoughts on how to ensure your privacy notices keep pace with your data processing practices. Below is pt.2 on what your privacy notices need to cover…

Sharing – if you need to share personal data with third parties, clearly explain why and what they’re going to do with the information (and how they’re going to keep it secure).

Transfer – post-Brexit the European Commission provided an adequacy decision meaning rules on transfers of personal data between the EU and UK are unchanged. That said, your privacy notice will still need to call out if you transfer data outside of the UK, where to, and the legal basis for the transfer.

Rights over data – clearly explain individuals’ rights in respect of the data you collect and how they can exercise them including access, deletion, correction, or withdrawal of consent.

Complaints – explain who to contact if individuals have any queries or concerns along with their right to contact the Information Commissioner’s Office (ICO) if they’re unsatisfied with your response.

Keep your privacy notice simple, straight-forward, and use real examples throughout to present the relevant detail in a user-friendly and meaningful way. Ensure to communicate whenever you’ve updated your privacy notice. If you need our support, get in touch.

 

This update is accurate on the date it was sent (13 October 2021), but may be subject to change which may, or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.