BCLP At Work

BCLP At Work

GDPR

Main Content

GDPR HR series: Data breaches – what you need to do when you discover a data breach

Welcome to the third post in our ‘GDPR HR Issues’ blog series. Drawing on key insights from across Bryan Cave Leighton Paisner’s global Employment & Labor team, the series highlights key GDPR issues affecting employers.

This blog focuses on new obligations imposed by the GDPR to notify the relevant supervisory data protection authority (“DPA”) and those individuals whose data have been violated, when an employer becomes aware of a violation affecting personal data that it processes (a “data breach”).

If an employer discovers that the personal data it holds concerning its employees is, for example, accidentally accessed by a third party without authorization, what practical steps should it take to manage such a breach?

  • What is a “data breach”?
  • A personal data breach occurs when a breach of security affects the personal data’s confidentiality (unauthorized disclosure or access to the data), integrity (data is involuntarily or unlawfully modified

    GDPR HR Series: Subject Access Requests Under the New Regime – What You Need to Know

    Welcome to the 2nd post in our ‘GDPR HR Issues’ blog series. Drawing on key insights from across Bryan Cave Leighton Paisner’s global Employment & Labor team, the series highlights key GDPR issues affecting employers.

    With the General Data Protection Regulation (‘GDPR’) coming into effect today, employers with EU-based staff need to ensure that they properly comply with the new regime. Failure to do so can result in significant fines and disruption to your business.

    This blog focuses on the changes made by GDPR to a fundamental data protection right – an employee’s right to find out what information their employer holds on them by making a data subject access request (‘DSAR’).

  • Complying with a DSAR can involve a lot of work and significant cost, not least because the request may require the employer to search in many different places for the employee information, which by its nature may not
  • GDPR HR Series: Employee Information Notices About Personal Data – Your Key Questions Answered

    Following the combination of the Labor & Employment practices at Bryan Cave and BLP, Bryan Cave Leighton Paisner’s combined team now includes over 120 employment lawyers in offices across the US, UK, France, Germany and Russia, with excellent capabilities and a strong network in Asia. Committed to collaboration, and with our strengthened offering, experience and substantive knowledge advising clients on GDPR, we bring you our new ‘GDPR HR Issues’  blog series. Drawing on key insights from across our team, the series highlights the key GDPR issues affecting employers.

    The General Data Protection Regulation (‘GDPR’) comes into force in less than two months. From an HR perspective it imposes data obligations on any US, European or other employer with EU-based staff. Failure to comply with the GDPR regime can result in significant fines and disruption to your business. Are you ready?

    Our first blog deals with ‘privacy notices’ aimed at staff.

    Less than 90 days to go – are you GDPR compliant?

    “GDPR – please not again …” In recent times there is hardly any other legal topic more often written and talked about than the new EU General Data Protection Regulation (“GDPR”).

    In light of the severe penalties and with less than 100 days until the GDPR goes into full effect (on May 25th, 2018), it is time for U.S. companies to take steps to prepare. Below are some key points to consider and pragmatic to-dos to assist in assessing whether your organization is ready for GDPR compliance.

    • GDPR may apply to U.S.-based companies with zero employees and no offices within the boundaries of the EU territory

    While the EU Data Protection Directive of 1995 did not apply to businesses outside the EU territory, this is no longer the case under GDPR.

    Now any business may be subject to the new law if it processes personal data of an

    The attorneys of Bryan Cave LLP make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.