Last month, The Global Background Screener published useful updates on GDPR news around Europe.
All content in this article originally appeared in The Global Background Screener.
Spanish Data Protection Authority Issues Highest GDPR Fine To Date
The Spanish Data Protection Authority has recently issued its highest fine to date, totalling 8.15 million euros, for several breaches of GDPR and national legislation by a multinational telecommunication company and its service providers. Notably, 2 million of the fine was attributable to its service provider conducting an international transfer of personal data to a country that did not comply with the European data protection requirements.
New Swiss Data Protection Law: An Overview of the Most Important Revisions of the Swiss Federal Act on Data Protection
At the end of September 2020, after a legislative process of almost four years, both chambers of the Swiss Parliament approved the revised Federal Act on Data Protection. The regulations companies that process data will have to comply with in Switzerland in the future are now clear. It is not yet clear when the Federal Council will bring the revised FADP into force. Until the Federal Council announces the date, it will still be necessary to wait until the referendum period has expired. The FADP does not provide for any transitional periods, so companies should comply now.
Swiss Authority's Summary of its GDPR-like Revised Federal Law
In its 2020 session, the Swiss Parliament passed the revised Federal Data Protection Act (FADP), which should go into effect in the second half of 2022. The Swiss supervisory authority, the Federal Data Protection, and Information Commissioner (FDPIC), has published a document outlining the important amendments.
Draft EU Adequacy Decision Paves the Way for Smooth EU-UK Data Flows Post-Brexit
In March, the European Commission announced a preliminary determination that the UK provides adequate privacy protections, a critical step for personal data transfers between the EU and the UK after Brexit. The GDPR restricts the transfer of personal data outside the EEA, and the UK’s recent departure from the EU means that companies will need a valid mechanism to transfer personal data to the UK – now considered a “third country” for purposes of the GDPR. Although companies can rely upon Standard Contractual Clauses or Binding Corporate Rules, companies should be mindful that there may be new obligations created post-Brexit with respect to data processing.
Home Office Publishes New Guidance on Right to Work Checks for European Nationals
Free movement under EU law ended on December 31, 2020 and there are now different immigration rules applicable to EU, EEA and Swiss nationals, depending on whether the European national first arrived in the UK before or after December 31, 2020. These changes also impact Right to Work checks. Employers should carry out Right to Work checks before an employee starts work. If they do not, the employer will not have a statutory excuse against a civil penalty of up to £20,000 if it is later discovered that the person is working in the UK illegally.
Home Office Issues Further Guidance on Right to Work Checks for EEA Nationals During Grace Period
The Home Office has provided UK employers with further details about which actions they may take when checking the Right to Work of EEA nationals and their family members during the post-transition grace period from January 1, 2021 until June 30, 2021. The guidance is contained in an updated version of the Right to Work checks: an employers guide, which was published on March 17, 2021. Credence adds that the government has since issued further information, detailed in an earlier blog post.
Transfers of Personal Data to the UK - EU Commission Issues Positive Draft Decision on UK Adequacy
Following the UK’s exit from the EU, the UK became a third country. The UK-EU Trade and Cooperation Agreement established a temporary framework to allow personal data to continue flowing freely between the Eu and UK for business and law enforcement until June 30, 2021. What is the status of legislation that will allow the flow of data after that date?
UK Data Protection Law After Brexit
Among the arrangements that went into effect at the end of the Brexit transition in December 2020 was a new arrangement related to the protection of personal data. An Article discusses the law in relation to data protection following Brexit. It is of relevance to businesses, third sector, or public sector organisations who process personal data, particularly if they transfer personal data outside the UK.
Women "Almost Twice as Likely" to have Criminal records Disclosed When Applying for Work
Women are almost twice as likely as men to have their criminal records disclosed when applying for a job, and to suffer “sustained stigma” from employers, a new study has found. The report, by criminal justice charity Unlock, says that women are more likely to have their criminal record revealed in a DBS check when applying for a job, because female-dominated sectors, such as education, require more checks. Dr Rachel Tynan, of unlock, told The Independent that women with criminal records are sometimes “judged more harshly” by employers when applying for jobs.