Hi Simon,
Yes, this is likely to be personal data, I would argue.
It appears your HR staff may have confused 'data processing' with 'data transfer'. In terms of liability, this is part of compulsory staff training i.e. required I assume. In this situation, the data controller (employer) has responsibility to ensure that personal data is processed in line with the DPA, even where this is via a third party.
So, although the external site may be a data controller for 'new' data generated, they are also processing data on behalf of the original data controller i.e. the employer I would have thought.
Cheers,
Jackie.
Jackie Milne | Legal Information Specialist | JISC Legal | T 0141 548 4939 | E [log in to unmask]
Visit our website: www.jisclegal.ac.uk
Subscribe to our newsletter: www.jisclegal.ac.uk/newsletter
Follow us on Twitter: twitter.com/jisclegal
Tune in via Vimeo: vimeo.com/jisclegal
Linkedin: www.linkedin.com/company/jisc-legal
JISC Legal is hosted by the University of Strathclyde, a charitable body, registered in Scotland, with registration number SC015263
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|