Jump to content


ICO circumvent own GDPR guidelines?!!!!


paulwlton
style="text-align: center;">  

Thread Locked

because no one has posted on it for the last 1975 days.

If you need to add something to this thread then

 

Please click the "Report " link

 

at the bottom of one of the posts.

 

If you want to post a new story then

Please

Start your own new thread

That way you will attract more attention to your story and get more visitors and more help 

 

Thanks

Recommended Posts

Thought id challenge the processing of my personal data by a former employer in relation to my banking data, death-in-service beneficiaries and emergency contact details (wife and son's personal data). I left the company in June 2016.

 

The ICO's public guidance is that the aforestated data should be deleted once the employee leaves the company.

 

The ICO has just made a decision that is contrary to the public guidance???

the decision states companies can process the data for seven years. This is bizarre - either the public guidance requires amending or the ICO decision in my case is plainly wrong. What chance has joe public got???????

 

Below is the ICO's public guidance.

 

Example

 

An employer should review the personal data it holds about an employee when they leave the organisation’s employment. It will need to retain enough data to enable the organisation to deal with, for example, providing references or pension arrangements. However, it should delete personal data that it is unlikely to need again from its records – such as the employee’s emergency contact details, previous addresses, or death-in-service beneficiary details.

An appeaser is one who feeds a crocodile, hoping it will eat him last. <br />

Winston Churchill

Link to post
Share on other sites

A complaint I submitted. The ICO has decided to make a decision in favour of big business contrary to their public guidance. The ICO are a disgrace.

An appeaser is one who feeds a crocodile, hoping it will eat him last. <br />

Winston Churchill

Link to post
Share on other sites

If you consider it from the employer's side. Let's say in a few years you decide to claim for hearing loss. If they have destroyed all reference to your existence how could they possibly defend a claim without any evidence.

There are issues which I don't think were fully considered prior to the GDPR coming into force which will be coming to light now.

Link to post
Share on other sites

If you consider it from the employer's side. Let's say in a few years you decide to claim for hearing loss. If they have destroyed all reference to your existence how could they possibly defend a claim without any evidence.

There are issues which I don't think were fully considered prior to the GDPR coming into force which will be coming to light now.

 

The ICO state that employers should delete details of death-in-service beneficiaries and third party emergency contact details once the employee leaves the company. My complaint was that after two years the company was continuing to process said data. The ICO has ignored their own public advice and has stated that a company can hold it for seven years.

 

If this is the case then surely the ICO guidance needs amending???

 

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/storage-limitation/

An appeaser is one who feeds a crocodile, hoping it will eat him last. <br />

Winston Churchill

Link to post
Share on other sites

IMO it is only ICO Guidance, without force of Statute, but poss 'Best Practice'.

It says 'should' - suggestion, not 'must' - a command in the English lang.The Co should be able

to defend their position.

The Highway Code is only Guidance, but it does list the Primary legislation pertaining to most of the Sections, which you ignore at your peril.

Link to post
Share on other sites

IMO it is only ICO Guidance, without force of Statute, but poss 'Best Practice'.

It says 'should' - suggestion, not 'must' - a command in the English lang.The Co should be able

to defend their position.

The Highway Code is only Guidance, but it does list the Primary legislation pertaining to most of the Sections, which you ignore at your peril.

 

The guidance perhaps needs re-wording to include “should be deleted unless the company retains the data pursuant to the administration of justice”

 

The problemI have with the ICO's decision is that the company has never registered or paid the fee under the GDPR - they rely on exemption "processing only for staff administration"..... so they cannot rely on processing for the "administration of justice"

 

Speaking with the ICO today and will appeal the descision on the above basis.

 

Regards

An appeaser is one who feeds a crocodile, hoping it will eat him last. <br />

Winston Churchill

Link to post
Share on other sites

No the guidance doesn’t need rewording. The guidance is factually correct and based on the data minimisation principles.It’s the interpretation by the ICO lackey that’s the issue. The employer only needs to keep the SPECIFIC data required for statutory obligations or possible legal procedures such as unfair dismissal etc and 2 years is usually ample except perhaps for personal data relating to pension. However in all cases of retention the GDPR enforces data minimisation. The employer in the OPs case has no reasonable reason for keeping the information above which is being processed. They have no reason for keeping the emergency contact details or the other info for any possible purposes. In my opinion I would not even bother with the ICO. Letter before claim to previous employer giving them 30 days to delete the data or provide the reason why they are not GDPR compliant as regards data minimisation and see you in court.

Link to post
Share on other sites

  • 2 months later...

The ICO continue to investigate my grievance and significant progress has been made. The ICO know the full facts and will decide shortly whether the company has breached both the DPA 1980 and the GDPR.

An appeaser is one who feeds a crocodile, hoping it will eat him last. <br />

Winston Churchill

Link to post
Share on other sites

  • Recently Browsing   0 Caggers

    • No registered users viewing this page.

  • Have we helped you ...?


×
×
  • Create New...