Recent content by MisterMann

  1. M

    Employee requests their 'personal data' under GDPR

    I suppose I am asking the question because where a non-specific request meets GDPR the scope is potentially huge, and in that hugeness I believe it becomes "manifestly excessive". What constitutes personal data? The GDPR’s definition of personal data is now also much broader than under the DPA...
  2. M

    Employee requests their 'personal data' under GDPR

    And if the request is limited to their personnel file, statement of earnings, etc. then I would agree with you completely and in fact it is easily done and can be responded to well within one month. But we do hold a lot more data than is found in those files, for instance our job records hold...
  3. M

    Employee requests their 'personal data' under GDPR

    This is why I am asking. Personal data under GDPR could include every email they ever sent. But since we don't have to provide them with confidential business information then each email would need to be manually checked... and in doing that becomes "manifestly excessive". No?
  4. M

    Employee requests their 'personal data' under GDPR

    That would be common sense. But my understanding is that under GDPR any data we hold that contains personally identifiable data, i.e. where the data is logged against a specific individual who can be identified, falls under the definition of "personal data". Hence me asking them to be more...
  5. M

    Employee requests their 'personal data' under GDPR

    Hi there. Bit of an interesting one. An employee who is leaving us has by email requested a copy of their "personal data" which is their right under the new GDPR, they tell me. Fair enough, I have no argument with that. However, the request is not very specific. Unless they get specific I will...
See more
Top Bottom
Community
Articles
Menu