In Part 2 of this two part Briefing, Kim Walker from Shakespeare Martineau explains the regulation of data transfers between the UK and the EU during and after the Brexit Transition Period which is due to last until 31 December 2020, and the provisions of the Withdrawal Agreement covering what happens at the end of the Transition Period to EU data “stranded” in the UK when Transition ends. Whose laws apply to it? He also makes some recommendations in case new arrangements on data processing are not concluded by the end of the Transition Period and no adequacy decision is made by the European Commission. In Part 1 of this Briefing, Kim explained what Brexit means for the processing of personal data in the UK during the Transition Period, including the laws that apply during Transition and the changing role of the UK’s supervisory body, the ICO, during and after this period.
Bring Your Own Device (BYOD): We're seeing a lot of company policies encouraging employees to "bring your own devices" (smartphones, laptops and tablets). The thinking is that if employees get to use devices they're familiar with and happy with, then you'll be able to recruit and keep happy workers. There are cost savings (from the company not buying devices) and supposedly increased productivity. But...
- during the employment relationship or at termination, it's hard/impossible to get access to employee-owned devices to confirm misappropriation of trade secrets;
- such devices are loaded with personal data -- financial data on taxes and investments, family or other personal photos, videos, etc. - greater likelihood of friends, family members, etc. borrowing or using a personal device and thus exposed to company information.
- some security solutions like keystroke/keylogging software really are bad mojo to try sneaking onto a person's personal device.
- lack of separation between work and home devices also opens up more potential opportunity to malware that can cause bigger problems re: hackers and breaches.
Learn more about this complex topic with the PrivacyRules expert John Eastwood from Eiger in Taiwan
With the ever-increasing presence of technology in the workplace and the risks associated with the use of digital tools, information sharing and employees working from home, control measures in Norway are on the rise. Such, measures, ranging from access controls to GPS tracking, are subject to the GDPR as incorporated into the Norwegian Personal Data Act. Furthermore, the Norwegian Working Environment Act and its appurtenant regulations impose several procedural obligations on employers wishing to implement control measures in the workplace. Failure to comply with these obligations could not only expose the employer to potential liability and loss of reputation, but also render any evidence gathered through the measure inadmissible before the Norwegian courts.
Our Norwegian expert, Alexander Mollan from Brækhus Advokatfirma DA, delves into this complicated patchwork of laws in order to provide you with some practical tips on how to avoid any risk dealing with this sector.