The payroll data leak at Morrisons ‘serves as a stark reminder of the financial and reputational issues at stake in the event of a data breach’ and, given the impending introduction of the General Data Protection Regulations (GDPR), highlights the need to have effective systems in place.
The reminder, from global law firm K&L Gates, follows the High Court decision in Various Claimants v Morrisons that, as a data controller, the supermarket giant was liable for it's rogue employee’s breach of the Data Protection Act (DPA) 1998, despite being fully compliant with its obligations.
GDPR will be introduced in May and will replace the existing DPA, imposing further regulations on the use of data.
In a Lexology article, Sarah Turpin, Partner; Sarah Emerson, Senior Associate; and, Alexander Bradley-Stitch, Associate, all from K&L Gates, said: ‘The GDPR greatly widens the potential liability of data controllers for the loss of protected data and may well lead to an increase in claims by employees, customers, business partners and others whose personal data has been compromised.
‘This new law makes the need for companies to have effective systems in place all the more acute,’ added the trio.
To ensure payroll professionals are aware of their duties, the Learn Centre is running a half-day course on GDPR.
