Get Free Downloads
Start your GDPR today in just a few clicks
      
Get Free Downloads
Start your GDPR today in just a few clicks

Employees Get GDPR Fine

Tagged with GDPR HELP, GDPR ADVICE, GDPR
by Adam Brogden
in Blog

25-Nov-2019 10:46

Most employers understand the importance of meeting GDPR requirements however it’s more difficult to convince employees that it is just as important to them. However GDPR does clearly make employees accountable for their actions - GDPR makes them also accountable for their mistakes, failures, or malicious actions. They should know that employees could face criminal prosecution if they access or share personal data without a valid reason The Information Commissioner’s Office has recently prosecuted two employees and this should be considered a warning to all! The warning came after Birmingham Magistrates' Court fined two workers in separate cases for breaching data protection laws.

One employee who was employed at the Heart of England NHS Foundation Trust (HEFT) was prosecuted when she unlawfully accessed the personal records of 14 individuals between February 2017 and August 2017.

The Court heard that as part of her job, Mshe was authorised to access records of adults on two separate systems – HEFT’s iCare and CareFirst from Solihull Metropolitan Borough Council. But an internal investigation found that she had viewed personal data of seven family members on iCare and seven children known to her on CareFirst. There was no business need for her to do this and so, she broke data protection law. The employee pleaded guilty to breaching s55 and s60 of the Data Protection Act 1998 (DPA1998) when she appeared at Birmingham Magistrates' Court on 15 March 2019. She was fined £1,000, with a £50 victim surcharge, and was ordered to pay £590 towards prosecution costs.

In a separate case, the Court heard that another employee forwarded several work emails containing personal data of customers and other employees to her personal email account in August 2017, weeks before resigning from her role at V12 Sports and Classics Ltd. At Birmingham Magistrates' Court on 15 March 2019, she admitted to three offences of unlawfully obtaining personal data in breach of s55 and s60 of the DPA1998. She was fined £200, with a £30 victim surcharge, and was ordered to pay £590 towards prosecution costs.