What you have to know about gdpr and how it can breach your private life data


The Data Protection Act 1998 aimed to balance the entitlement of organisations to collect, store and manage various types of personal data, with the privacy rights of the individual about whom the data was held.

The Act covered both manual and computerized records that, when put together with other information, could divulge personal information about an individual. It gave individuals certain rights, and required decision-makers to be open about processing and to comply with the eight data protection principles.

On 25 May 2018, the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). There are no exemptions based on a size or sector — all organisations must comply with its requirements in full or face a hefty potential fine. On the whole, the rights individuals enjoy under the GDPR are the same as before but with some significant enhancements.

Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. Special category data is broadly similar to the concept of sensitive personal data under the Data Protection Act 1998. The requirement to identify a specific condition for processing this type of data is also very similar.

One change is that the GDPR includes genetic data and some biometric data in the definition. Another is that it does not include personal data relating to criminal offences and convictions.

What is the problem with GDPR and privacy ?

Today, more and more companies “repose trust on their employees’ consent” to process their personal data and short consents are often included in employment contracts for that purpose.  The problem comes when big companies with some secret contracts access your private data to fear you without any special reason.

Having personal data stolen can have a significant impact on your mental and physical wellbeing. More and more frequently, come to the light cases from people who are unable to sleep, feel ill, unsettled or confused following a data breach.

It is more and more easy to spy on you using the data you’ve put on a wifi network or through your email. There are spy machines capable to track you wherever you are when they want. And there are many examples of personal data which have been hacked and even sold to companies or given to foreign governments as Al Jazeera documentary revealed some weeks ago.

GDPR deals with employee records as personal data  such as human resource’s employee files, which can cover, besides all the usual identifiers (name, address and photos), personal details such as health, financial, employee reviews, family contact information, and more.

In papers, under the General Data Protection Regulation (GDPR), the requirements for valid consent have been made much stricter.  Consent must be freely-given, specific, informed and revocable.  The GDPR expressly states that, where there is an imbalance of power between the party giving consent and the party receiving it, consent will not be valid.  In the employment context, it has long been acknowledged that there is such an imbalance between employer and employee.  This means that it will be very difficult indeed for employers to rely on consent to process employees’ personal data under the GDPR.

GDPR as a potential Threat to Personal Life?

Unfortunately, due to the actions of some of Europe’s most trusted companies, GDPR has become an essential step in ensuring the protection of EU citizen’s data. For instance, regarding the United Kingdom, on this site are cited eight costly UK data breaches that helped pave the way for new EU legislation.

Before any surveillance can take place under GDPR rules, organisations must create a policy that lets employees know the circumstances of monitoring and their expectations of fair use. The ECHR’s ruling is clear that some personal use must be tolerated, saying: “An employer’s instructions could not reduce private social life in the workplace to zero”.

As private communication meets the definition of personal data (as described in Article 4 of the GDPR), organisations must prove that they have a lawful ground to collect and monitor this information.

According to Article 4 of the GDPR, a personal data breach is a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data stored, transmitted or otherwise processed by the organization. This also includes incidents that result in personal data being only temporarily lost or unavailable. It’s critical to understand that this definition differs dramatically from those in other standards, such as HIPAA, which often limit the concept of data breach to unauthorized access and disclosure only.

Breaches of data within the workplace can relate to pay & conditions, sickness & absenteeism, disciplinary & grievance disputes and even private medical information which is shared and/or disclosed inappropriately.

At EU level, the European Network and Information Security Agency (ENISA) has released some practical tips on how to implement homeworking software.

Major requirements of GDPR (summary)

Employees Have Data Privacy Rights

Typically, an employee has given consent to processing of her data as part of an employment contact. But since the employee likely had no choice but to sign the contract in order to get the job, the GDPR does not consider this freely given.

Many people have mistakenly thought this means getting consent, but not only is consent hard to get and keep, the GDPR says an employee cannot give consent to an employer because of the inherent imbalance of power. In other words, consent can’t be “freely given” if the data subject faces a potential negative effect from not consenting. It’s reasonable to expect that an employee might fear for their job (or at least fear losing favour among their bosses) if they don’t consent to being monitored.

And that also means, with some restrictions, that employees gain privacy rights over their data: they can request, just as a consumers do, access to their personnel files, and have the right to correct errors.

There’s even an employee “right to be forgotten”, but only when the data is no longer necessary for the “purposes for which it was collected”. Obviously, employers have a wide claim to employee data so it’s easy to see that most employee file are protected from being deleted on demand.

CPO Magazine covered a GDPR fine that accompanied a data breach this time in the fashion and prêt à porter industry. The €35,258,707.95 (about $41 million USD) that fashion retailer H&M is on the hook for does not stem from a cloud server misconfiguration, but the massive penalty was levied due to the exposure of something more substantial than customer contact information, as the article analyses. The articles reveals as well, how due to the pandemic lockdown and work from home, some employers can breach some personal data through your own pc.

These potential violations of personal privacy are most often tied to tools that organizations adopt to rapidly scale up remote work capabilities, some of which have not been thoroughly vetted and tested before being deployed.

A 2019 data breach revealed that H&M had been creating highly inappropriate profiles of the private lives of some of its employees for at least five years. The company earned the GDPR fine by recording personal information gleaned from one-on-one conversations: religious beliefs, medical conditions and procedures, family issues and details about trips that they took while on vacation among other items. Supervisors at the company’s Nuremberg service center would take note of these details while conversing with employees and then log them in a database that up to 50 other managers had access to.

Anyone whose personal information has been compromised in a workplace data breach may have grounds to claim compensation. Ultimately, if a workplace has failed to protect your personal data, you have a right also to claim compensation.

The process for data access under GDPR will be mostly the same as it was under the Data Protection Act of 1998, but with a few slight differences. For starters, a person will need to file a subject access request (SAR) that, as noted by the Guardian, is simply “an email, fax or letter asking for their personal data.”

For clear guidelines on submitting an SAR, see the Subject access code of practice from the Information Commissioner’s Office (ICO). There is no particular format required, as long as the request is made in writing.

GDPR Breaches became more frequent during the current lockdowns accross the EU.

Security measures must be in place that are appropriate for the data held, including implementing strong passwords and encrypting electronic data. Workplaces should also strictly control who has access to sensitive data, making sure this is limited to those within the organisation who have a legitimate need to access the data in question.

Controllers and processors must have in place appropriate technical and organisational measures to ensure a level of security for personal data that is commensurate to the risk associated with data processing.  This is not a static analysis, but something to be kept under review as circumstances change.  The mass shift to remote working has inevitably changed the risk profile of certain data processing activities.

Due to covid19 and social distancing measures, has seen a sudden and unprecedented shift from the offline to the online world leads to an ever-increasing collection of personal data concerning employees.

For example, some videoconference platforms allow event hosts to analyse their participants’ attentiveness in real time. Others allow meetings to be recorded. Such recordings may include the participants’ voice, chats, and faces but also their private surroundings at home –as captured via their webcams- as well as the screens shared by the speakers.

According to a FieldFisher.com article, online monitoring is not so obvious for employees and can easily go unnoticed. In such circumstances, the border between lawful and covert surveillance is very thin. The Covid-19 crisis does not alter the principles and rules on which the protection of employees’ privacy is based.

Regardless of the technology, tools and third-party providers that are being used,  companies who offer homeworking tools to their employees must ensure that the processing of their employee data complies with the principles and rules under the General Data Protection Regulation (GDPR) and must also be aware of the specific rules that govern employees’ privacy under national laws.

For instance, regulators have imposed a fine of €10.4 million (roughly £9.3 million) on notebook retailer notebooksbilliger.de AG (NBB) after it was found to have conducted intrusive video surveillance against its employees.

When a personal data breach has occurred, you need to estimate the risks to people’s rights and freedoms. If it’s likely that there will be a risk, then you must notify the regulators; if it’s unlikely then you don’t have to report it.

Assessing the risks involves determining whether there will be negative consequences for individuals. Recital 85 explains that a breach can have various adverse effects on individuals, such as damage to reputation, physical and material damage, and other significant ill effects. If you decide not to inform regulators, you need to be able to justify your decision and prove those risks are unlikely to happen.

Sources on which this article was based :

Photo credit: Licence Creative Commons

Sponsored Post Learn from the experts: Create a successful blog with our brand new courseThe WordPress.com Blog

WordPress.com is excited to announce our newest offering: a course just for beginning bloggers where you’ll learn everything you need to know about blogging from the most trusted experts in the industry. We have helped millions of blogs get up and running, we know what works, and we want you to to know everything we know. This course provides all the fundamental skills and inspiration you need to get your blog started, an interactive community forum, and content updated annually.

How Democracy dies in a FRAGILE Dystopian New Brave World

Year 2021. “Big Brother” can access your data from everywhere with a small hacking application and basic “hacking knowledge” . Through your email, applications, camera. You’ve been watched. Everyone now is a threat to the so called “national security”. In this dystopian world you can put yourself silly questions you didn’t think before: “2+2 does 5 or we stay in 4”? 2020 proved already that “The memory hole” is simply a mechanism put in place  which often alienates or hides the Truth.

It was a bright cold day in April, and the clocks were strik- 
ing thirteen. George Orwell, "1984" beginning of the novel

April 2020. The majority of people we were confined to their houses because of the new pandemic. As Clocks were striking thirteen for days now, you start asking yourself in which world we live. As the days are passing and you use some logic you may realize that the extreme lockdown measures were unnecessary in some cases as not going out after 9pm until 5am. I was not aware that this virus can come and “rape” your health system during the night and not during the day. In some cases it is unnecessary as well to wear masks. On the face masks packages it is written that they cannot protect you from the Covid 19. Therefore what is the point to wear them in your village where you can hardly get in contact with someone in a distance smaller than 1,5 meters ?

A lot of questions but in this dystopian democracy if you ask them you are simply a conspiracy theorist or even more a threat to our so called democracy or what i could call a “democracy in vitro or inside a cage” if you prefer.

Looking back on its predictions and the state of the world today, how much did it get right in its predictions of a dystopian surveillance state where every word is monitored, unacceptable speech is deleted, history is rewritten or deleted altogether and individuals can become ‘unpersons’ for holding views disliked by those in power? It turns out Orwell’s predictions were frighteningly accurate.

Two of the most monstrous regimes in human history arised and fell during the 20th century, and both were predicated on the violation and despoiling of truth, on the knowledge that cynicism and weariness and fear can make people susceptible to the lies and false promises of leaders bent on unconditional power. As Hannah Arendt wrote in her 1951 book The Origins of Totalitarianism, “The ideal subject of totalitarian rule is not the convinced Nazi or the convinced communist, but people for whom the distinction between fact and fiction (ie the reality of experience) and the distinction between true and false (ie the standards of thought) no longer exist.”

In this new reality, you can always find the good lickers of the system who try to shut up your thoughts because they wish to be a part of this new totalitarian system to increase their social and financial benefits but when this system starts to hit people in their own environment or even them they start to get depressed or more violent. An example of this, is the corrupted Cyprus government, where i live and i observe that people who used to steal under the table the citizens, now are starting to fight their owns, in their own system, Citizens of the state we stay speechless as watching even the “Church” to take part in these cockfights or dogfights while the oligarchs are trying to find an exodus to take the money they stole outside or to hide how the whole system has been corrupted since the creation of the Cyprus Republic in 1960. It is well known that in newly established democracies, corruption can be often observed as a consequence of weak democracy.

In 2013, the Cypriot government asked for a bailout from the EU. The EU came during the night and took all deposits of 100 000 euros and above in the bank accounts of the Cypriots. Oligarchs knew from before that a cut in their deposits is more than possible to take place as the EU had a rage against Russian customers of the Cypriot banks. The consequence of this is the destruction of the weak economy and it will need years to overcome. The cut in the bank deposits affected mostly the Cypriot citizens who believed that they would be happy inside the EU while they could put pression to Turkey to solve the Cypriot problem. However, the Cypriot problem is more complicated that put sanctions to Turkey as the politicians never told the truth to Greek Cypriots.

In any case, warned us with his novel “1984” .The novel serves as a warning against absolute power of all kinds, against the manipulation of language, against the loss of independent thought. In 1949, critics thought the book might lose its relevance after the fall of communism. Here we are, 70 years later, with global authoritarianism on the rise, and fake news — and the manipulation of that very term itself — tearing at the fabric of democracy.

Why Orwell’s 1984 could be about now” ?

“Reading ‘1984,’ George Orwell’s claustrophobic fable of totalitarianism, is still a shock. First comes the start of recognition: we recognize what he describes. Doublethink (holding two contradictory thoughts at the same time), Newspeak, the Thought Police, the Ministry of Love that deals in pain, despair and annihilates any dissident, the Ministry of Peace that wages war, the novel-writing machines that pump out pornography to buy off the masses: Orwell opened our eyes to how regimes worked.

One can easily describe what we live today by another novel, Aldous Huxley’s ” Brave New World.” In complying with the government agenda, particularly at state level, we have forfeited our freedom as individuals, and generally speaking, are living under police-state regimes. Not far as to become truer today, as people are ordering “alpha males” embryos regarding their babies and not leave the nature to decide or the baby itself to choose its own future. A total dystopian society where you whether were born to become an astronaut or a butcher i could say in a bad way to describe this society.

In the world of Brave New World fiction, everyone was genetically preprogrammed to fit in different social statuses. The lowest social class is given ‘lower’ intelligence and has to work in factories. The upper class individuals were described as being good-looking, having (usually) perfect body shapes and being blessed with an affluent life. They can spend time going on vacations, taking drugs and having sex for fun. The higher the social status, the more intelligent and wealthy an individual would be. As readers, we are introduced to the story of a “savage” man, John, who came from the “uncivilized” area and interrupted the order of this new world. People come chasing after John; he brings huge fame to his friend Bernard, who utilizes him and brings him to the “civilized” place. John is even invited by the beautiful girl Lenina to have sex with her.

In this book, everyone was chasing after his or her own interests — the only exception was John, and he symbolically died at the end. These “civilized” people, to some extent, were just wantons — they had desires but did not consider the reasoning behind their desires, only knowing to chase the strongest one. This is why Lenina invited John to have sex with her when she found him to be sexually attractive, regardless of the fact that there was a huge social status difference between the two and their sexual intercourse was prohibited. Lenina had followed instructions since she was an infant, and she essentially lost her free will to do things, without the ability to even try to gain it back. This small episode is epitomic, and from there, Huxley askes us a few questions. Why did Lenina choose to have sex with John (even though John later rejected her) instead of following the instructions that had been inscribed to her? Why is there a clear boundary between different social classes? Are social classes pre-determined, and are they purposefully kept within a range by those in power? And the ultimate question: do people really have free will under this huge society machine? 

  • dystopian world watching

“At the moment, Brave New World’s vision of dystopia is more scary because it feels closer,” echoes Harry Lloyd (Game of Thrones), who plays a high-ranking member of New London society named Bernard Marx. “It’s nearer to our range. You wouldn’t burn books, but you could distract people enough to where they wouldn’t want to read them anymore.”

“It’s a hard call because Brave New World, on the surface, may seem like the lesser of the two evils because there is this pleasure,” adds Joseph Morgan (The Vampire Diaries), who plays an especially low-ranking member of New London society named CJack60. “But those people in Brave New World are prisoners in a cage, just like in Nineteen Eighty-Four. So, there’s this slow realization for them that they are completely controlled by this system, and I think that’s quite terrifying — to be controlled, to be a prisoner and not realize it.”

There’s always hope to end this decline of democracy soon if humanity unites against the hypocrisy of the corrupted elites.

Photo by Josh Hild on Pexels.com

Observation et analyse pour le Proche Orient

%d bloggers like this: