Tweet
Hi. I am writing to get an advise regarding GDPR breach at workplace. Yesterday, when I was on annual leave, my site manager sent an email to security company, who is doing a service for our site. He instructed the security company that I am out of hours point of contact and shared my private mobile number. This never was discussed with me and I wasn't aware of it. Can company be sued for it or reported?
Loading...
-
Tags: None -
Did you originally provide your mobile number to your employer so that it could be used to contact you for work purposes?
If not how did your manager get it?All opinions expressed are based on my personal experience. I am not a lawyer and do not hold any legal qualifications. -
Hi. It's my personal number given to my employer as an emergency contact. In this case this was shared with external security company which is not right I believe.Comment
-
But it was shared for a business purpose because your employer says that you are the emergency out of hours contact.
This doesn't feel like a GDPR issue to me but an employment one. Your employer thinks being the emergency out of hours contact is part of your job, you don't. That's what needs to be resolved.
If in fact being the emergency out of hours contact is part of your job then it was probably reasonable for your number to be given to a security contractor working on site. We don't know exactly what the setup is but it sounds like the sort thing where the security contractor might legitimately need to contact the company representative out of hours.Last edited by PallasAthena; Yesterday, 11:55:AM.All opinions expressed are based on my personal experience. I am not a lawyer and do not hold any legal qualifications.Comment
-
Here's what to do if you have a complaint about how your employer has handled your personal data: https://ico.org.uk/for-the-public/ho...ion-complaint/Lawyer (solicitor) - retired from practice, now supervising solicitor in a university law clinic. I do not advise by private message.
Litigants in Person should download and read the Judiciary's handbook for litigants in person: https://www.judiciary.uk/wp-content/..._in_Person.pdfComment
-
If you were to make an official complaint about this to the ICO, your employers justification for sending the email containing any information relating to yourself would most likely be 'Legitimate interest' as you have given them your phone number and it was used for a genuine business reason. I think it's unlikely that the ICO would see it as a data breach (but not definitive) unless you have evidence that the security company who received it has not kept it secure and used it for purposes other than the reason it was given for.
On top of this, reporting your employer for this is a serious escalation of an issue and I kind of feel that it might be hitting the self destruct button on your career as no employer is going to thank you for being scrutinised by the ICO. Perhaps consider having a chat with someone explaining how you value your privacy and would appreciate being asked in future? GDPR is a very misunderstood area of employment law (in my view) for a lot of employers, and you're right to question their practices as employees should be aware of how their data is used and stored.
Have a conversation with them if you feel it's needed, tell them how you feel (but try to keep it amicable), and if it happens again you'll be able to reassess the situation then as you'll have given them instructions on how you wish your data is to be used.Comment
Welcome to LegalBeagles
LegalBeagles is a free forum, founded in May 2007, providing legal guidance and support to consumers and SME's across a range of legal areas.
See more
See less
Comment