Search
  • Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.

GDPR Breach?

Collapse
Loading...
X
Collapse
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous Next
  • #1

    GDPR Breach?

    Hi, thank you for taking the time to read this.

    Can anyone confirm if my experience is a clear data breach and it’s severity please.

    I work for a large contractor that is currently having costs audited by a consultant on behalf of the client. The consultant was permitted to sit with payroll and be shown how the process follows through. Somehow the consultant (I am told he made notes) of my employee number, my salary, my car allowance and bonus I received for that year.

    This information was documented on an excel sheet. The consultant was apparently given notice and a new consultant company was brought in. The new consultant emailed this spreadsheet to myself, a colleague and a third party I have never met.

    My company originally confirmed that they felt it was a data breach and raised this directly with the relevant client department. They have concluded a supposed investigation and have advised me that although they agree it is an uncomfortable situation they do not believe they are in breach. We are currently negotiating an extension with the client and my company have now gone cold despite the support at the outset. They have now said to me that the ball is in my court if I wish to refer to ISO.

    any advice would be appreciated.

    Tags: None
  • #2
    Does your employer have a privacy policy? If so, have you looked at it, and how does what happened compare with the policy?
    Lawyer (solicitor) - retired from practice, now supervising solicitor in a university law clinic. I do not advise by private message.

    Guides and handbooks for Litigants in Person - :

    https://legalbeagles.info/forums/for...60#post1701560
    • 1 thank

    Comment

    • #3
      Hi, it does and I will read through it and get back. Thanks

      Comment

      • #4
        The answer to your question could go both ways. The key question is whether or not the information that the personal information gathered by the auditor was relevant and necessary for the purposes of the costs audit.

        My initial thoughts would be to understand how the contractor charges out to the client. Quite often, contractors and consultancies will charge an hourly or day rate to clients. That rate may be based on the salary they pay their employees or subcontractors plus a percentage mark up. If that is the way the contractor is charging the client, I don't immediately see how the auditor requires individual information about each contractor's personal finances and expenditure. Rather, the auditor should be looking at the hourly/day rates charged by the contractor to the client to ensure they have been properly invoiced, there are no overpayments etc.

        Now, that being said, the GDPR allows personal data to be processed if there is a legitimate interest in doing so and this sort of action may fall under the legitimate interest category. It also depends on what the contractor has signed up to in their contract with the client as to what audit rights the client has and how they should be exercised.

        If there is a data breach, it would likely be against the contractor for allowing the client to access that information if it was not necessary to do so and the audit could have been carried out by less intrusive means. If I were to guess, maybe the auditor wanted that information so the client could use that as a negotiating tool to justify paying less costs being charged to them. Of course the client is going to say they don't feel there is a breach but they would say that, wouldn't they?

        If you feel strongly about, you can make a complaint to the ICO for investigation.
        If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
        - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
        LEGAL DISCLAIMER
        Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.
        • 1 thank

        Comment

        • #5
          Thank you. The contract is an nec 3. We have item rates for an activity that incorporates a % fee for overheads of which my salary is included. We have never passed individual breakdowns to the client. It has always been an overall sum against a number of employees. What are your thoughts on my salary etc being emailed to colleagues inside and outside the business? If I am to be honest this where my biggest concern is as it has exposed me to bitterness due to comparison of salary . Really appreciate your reply.

          Comment

          Previous Next

          View our Terms and Conditions

          LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

          If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


          If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.
          Working...
          X