I'd guess that there's a misunderstanding of consent and when to use it as legal basis. There's not much my employer does in employment terms that I have a choice about and the ICO specifically says not to use consent because of the imbalance of power. You might need to look at employment contracts and whether the staff concerned have two employers.
If organisation A, my employer, wants me to do some work on behalf of organisation B, I'm still under contract to Org A and Org B has no need for any personnel data. If I have a joint contract then I am employed by both orgs and any sharing of data necessary should be established in my contract of employment. You're looking at Art 6(1)(b) for employment contract and Art9(2)(b) for special category data, not consent.
I would think that the sections I've listed above are your legal basis in DP terms, and it's then HR/Legal's job to make sure that the contract(s) of employment establish how the situation will work and whether any sharing of personnel data is necessary. If necessary, then how and when it should be done. Nothing in this situation should cause staff any worry because everything should be laid out clearly in contract of employment and HR policies.
Victoria Blyth
Information Strategy Manager (Interim Data Protection Officer)
Information Management Team
London Borough of Barnet, North London Business Park, Oakleigh Road South, London N11 1NP
Tel: 020 8359 2015
please consider the environment - do you really need to print this email?
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Chris Tinsley
Sent: 12 July 2018 08:49
To: [log in to unmask]
Subject: Re: [data-protection] Sharing of staff data
You might think so, but then why would they be asking for consent to allow the sharing in the first place. It could just be sloppy, belts and braces practice.
Chris
Sent by me
> On 12 Jul 2018, at 08:46, Jon Baines <[log in to unmask]> wrote:
>
> One would assume their employment contract covers it?
>
> Jon Baines,
> Chair,
> NADPO
>
>> On 12 Jul 2018, at 08:43, Chris Tinsley <[log in to unmask]> wrote:
>>
>> Good morning all
>>
>> An NHS organisation I work with shares members of staff with a Local Authority to perform some compatible functions such as Commissioning. This is done under a Section 113 agreement of the Local Government act 1972. They are now looking to extend this function in to other areas.
>>
>> Part of this involves the sharing of personnel files. This has up to now been done with consent.
>>
>> With the extension of this in to other areas there is a requirement to share more staff files and a sudsequent worry by some members of staff about their jobs.
>>
>> I believe GDPR restricts the use of consent as a means of processing in a works context so we should cease sharing these files using consent, I can’t see how it can be freely given.
>>
>> Has anyone come across this before and how would you get round the consent issue with sharing personnel files?
>>
>> I have asked HR for an opinion as I am way out of my comfort zone with this.
>>
>> Chris
>>
>>
>> Sent by me
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask] All user
>> commands can be found at
>> https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
>> Any queries about sending or receiving messages please send to the list owner
>> [log in to unmask]
>> Full help Desk - please email [log in to unmask] describing your needs
>> To receive these emails in HTML format send the command:
>> SET data-protection HTML to [log in to unmask] (all
>> commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This email and any attachments to it are intended solely for the individual to whom it is addressed. It may contain sensitive or confidential material and should be handled accordingly. However, it is recognised that, as an intended recipient of this email, you may wish to share it with those who have a legitimate interest in the contents.
If you have received this email in error and you are not the intended recipient you must not disclose, distribute, copy or print any of the information contained or attached within it, all copies must be deleted from your system. Please notify the sender immediately.
Whilst we take reasonable steps to identify software viruses, any attachments to this email may contain viruses which our anti-virus software has failed to identify. No liability can be accepted, and you should therefore carry out your own anti-virus checks before opening any documents.
Please note: Information contained in this e-mail may be subject to public disclosure under the Freedom of Information Act 2000 or the Environmental Information Regulations 2004.
This message has been scanned for malware by Websense. www.websense.com
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|