MARCH 2019 – ARTICLES & ITEMS OF INTEREST

Created with Sketch.

MARCH 2019 – ARTICLES & ITEMS OF INTEREST

 

EMPLOYMENT (MISCELLANEOUS PROVISIONS) ACT 2019

On the 4thMarch 2019 the Employment (Miscellaneous Provisions) Act 2019 came into force.  It makes a small number of significant changes to employment rights legislation and its key objective is to provide greater security and predictability of work for those on insecure contracts and those working variable hours.

The Department of Employment Affairs and Social Protection have set out very clearly and concisely on their website the changes resulting from the introduction of the Employment (Miscellaneous Provisions) Act 2019 see http://www.welfare.ie/en/Pages/Employment_(Miscellaneous_Provisions)_Act_2018.aspx

Their informative guide sets out the following: –

What legislation is being amended by the 2019 Act?

  • Changes to the Terms of Employment (Information) Act 1994
  • Sets out the key changes, THE “DAY 5” STATEMENT, what core terms an employer must notify the employee in writing of.
  • New Offences
  • Claims to the Workplace Relation Commission (WRC)
  • Protection against penalisation
  • Changes to the Organisation of Working Time Act 1995
  • Prohibition of Zero Hour Contracts
  • Minimum compensation payment in certain circumstances
  • Banded Hours provision
  • Changes to the Workplace Relations Act 2015
  • Fixed payment notices
  • And other changes to Unfair Dismissals Act 1995 & National Minimum Wage Acts 200 & 2015

The Employment (Miscellaneous Provisions) Act 2018 is also discussed by Melanie Crowley and Orla O’Leary in this month’s edition of the Law Society Gazette.

 

IS YOUR FIRM/ORGANISATION ABLE TO DEMONSTRATE ACCOUNTABILITY UNDER THE GDPR?

On the 5thMarch 2019 the Data Protection Commissioner published an article stating that the Global Privacy Enforcement Network’s (GPEN) annual intelligence gathering operation, called “a sweep”, looked at how well organisations have implemented the core concepts of accountability into their own privacy policies and programmes.

 

The GPEN made contact with 356 organisations in 18 countries and noted the following: –

  • When it comes to monitoring internal performance in relation to data protection standards, many organisations were found to fall short, with around a quarter who responded having no programmes in place to conduct self-assessments and/or internal audits.
  • Organisations were generally found to be quite good at giving data protection training to staff, but often failed to provide refresher training to existing staff.
  • The organisations that indicated that they have monitoring programmes in place generally gave examples of good practice, noting that they conduct annual audits or reviews and/or regular self-assessments.
  • Nearly three quarters of organisations across all sectors and jurisdictions had appointed an individual or team who would assume responsibility for ensuring that their organisation complied with relevant data protection rules and regulations.
  • Over half of the organisations surveyed indicated that they have documented incident response procedures, and that they maintain up to date records of all data security incidents and breaches. However, a number of organisations indicated that they have no processes in place to respond appropriately in the event of a data security incident.
  • practice note repeats and revises the positions as stated in the 2005 practice note in relation to the periods of retention following the completion of a transaction and deals with the deletion of a file.

 

In Ireland, the Sweep was conducted by contacting 30 randomly-selected organisations across a range of sectors and asking them to complete a table of questions relating to ‘Privacy Accountability’.  To view the results of these Irish findings and the news article in full, see https://www.dataprotection.ie/en/news-media/press-releases/global-privacy-enforcement-network-gpen-2018-sweep

 

LEGAL REPRESENTATIVES MAKING SAR’s ON BEHALF OF CLIENTS/PATIENTS

On the 7thMarch 2019 the Information Commissioner’s Office (ICO) published a blog on how the new Data Protection Laws have supported and strengthened a patient’s right to access their own medical records, it refers to requests by patients, insurers and legal representatives.

It states the British Medical Association (BMA) “have worked with the legal professionals to create a standard form which legal professionals can use”and there is a link to same.  The form sets out the patient’s/client’s clear authority for a specific request.  Legal Representatives always need to be mindful that they should only request data that they need for a specific purpose.  It also sets out what GP practices consider before granting an SAR.

To read the blog in full see https://ico.org.uk/about-the-ico/news-and-events/blog-why-the-right-of-access-to-patient-data-needn-t-be-a-headache-for-gps/

 

LAW SOCIETY PRACTICE NOTE – DATA RETENTION AND DESTRUCTION

Last month we stated that the Technology Committee and the Guidance and Ethics Committee advised they had issued a practice note on data retention and destruction of hard and soft copy files and it would be published in full in the March edition of the Gazette.

 

The practice note has been published and sets out clearly the retention periods for files in the different areas of law and the reasons for the retention period, it also advises in relation to the electronic storage and destruction of files.

 

To view the practice note see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2019/march-2019-gazette.pdf#page=64

 

DPC BLOG – “DOES THE GDPR REALLY SAY THAT?”

The Data Protection Commission website is set to publish a series of blog posts where it intends to address myths, rumours and misunderstandings surrounding the GDPR and Data Protection Laws.

The blog published on the 11thMarch 2019 titled “Does the GDPR really say that” discusses the following “Does the GDPR really prevent my hairdresser from telling me what hair-dye has been used on me?”, “Does the GDPR prevent the fire brigade from telling a management company if an apartment has gone on fire?”, “Does the GDPR interfere with paramedics doing their jobs?”and “Did the GDPR put a stop to community-based CCTV schemes?”

To view the blog in full, see https://www.dataprotection.ie/en/does-gdpr-really-say