In order to process personal data, there must be a lawful basis to do so. The lawful grounds for processing personal data are set out in Article 6 of the GDPR, namely: -
1. The individual has given consent;
2. The process is necessary for the performance of a contract.
3. The process is necessary to comply with a legal obligation.
4. Necessary to protect a person’s life and vital interests;
5. Necessary for the performance of a task carried out in the public interest or one’s official functions; or
6. In the legitimate interests of the company/organisation (except where those interests are overridden by the interests or rights and freedoms of the data subject).
The lawful purpose requires that the processing be ‘necessary’ for a specific purpose, and if an employer can reasonably achieve the same purpose without the processing, it is unlikely that the purpose would be lawful.
Apart from the above rights, there is a little-known provision under section 170 of the Data Protection Act 2018 that creates criminal liability for individuals if they access personal data without just cause and there has been a recent criminal case where a health worker was convicted of breach of section 170 when he unlawfully accessed personal records of 14 patients known to him whilst working for South Warwickshire NHS Foundation Trust who had no knowledge of the breach, which had taken place over a few months and where the employee had no valid reason for his conduct.
The employee admitted to the offence and was ordered to pay £250 compensation to 12 patients, totalling £3,000, who had been affected by the breach.
The above case highlights that just because a job may give access to other people’s personal information, that doesn’t mean the employee would have the legal right to look at it if it does not fall within Article 6 of the GDPR exceptions, and thus employers must ensure that their staff are aware of the serious implications of breaching the provisions.
The article is for informational and educational purposes only and should not be relied upon as legal advice.
Should you need any further assistance on the matter, please do not hesitate to call our advice-line team for free on 0116 274 9193.
