JISCMail - DATA-PROTECTION Archives

That's brilliant - thanks for sharing this Peter.

KR

Heléna Ashton AMBCS |Information Governance Manager – Connecting Care
NHS South, Central and West Commissioning Support Unit
Fifth Floor – South Plaza, Marlborough Street, Bristol, BS1 3NX,
T: 0117 900 2180 | E:  [log in to unmask] | M: 07768 978885
www.protectinginfo.nhs.uk | www.scwcsu.nhs.uk


-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Peter Dinsdale
Sent: 03 July 2018 13:27
To: [log in to unmask]
Subject: Re: [data-protection] As basic as it gets

Hi Phil,

This is something I was wondering about a couple of months ago, but the ICO's guidance wasn't exactly definitive on the matter (and has now vanished from its website).

However this handbook - http://fra.europa.eu/en/publication/2018/handbook-european-data-protection-law - states that:

"‘Recipient’ is a broader term than ‘third party’. In the meaning of Article 4 (9) of the GDPR, a recipient means “a natural or legal person, public authority, agency or another body, to which data are disclosed, whether a third party or not”. This recipient may either be a person outside the controller or processor – this would then be a third party – or someone inside the controller or processor, such as an employee or another division within the same company or authority.

The distinction between recipients and third parties is important only because of the conditions for lawful disclosure of data. The employees of a controller or processor may be recipients of personal data without further legal requirement if they are involved in the processing operations of the controller or processor. Whereas, a third party, being separate from the controller or processor, is not authorised to use the personal data a  controller processes, unless on specific legal grounds in a specific case."


Seems fairly definitive to me, if you consider the source to be authoritative.

Regards,
Peter


Peter Dinsdale
Data Protection Consultant

Perfect Image /
T: 0191 238 0111
www.perfect-image.co.uk

Follow us on Twitter http://twitter.com/perfectimage

-----Original Message-----
From: This list is for those interested in Data Protection issues <[log in to unmask]> On Behalf Of Phil Bradshaw
Sent: 03 July 2018 12:05
To: [log in to unmask]
Subject: [data-protection] As basic as it gets

Definition: ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. GDPR Art 4.

Is an employee who legitimately looks at my personnel file a recipient?

In the sense that he has seen it my personal data has been disclosed to him. On the other hand it doesn't seem an entirely  natural use of "recipient" or "disclose".

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________

________________________________

Save paper, please think twice before printing this email.

Equinox House | Cobalt 3.2 | Cobalt Business Park | Silver Fox Way | North Tyneside | Newcastle upon Tyne | NE27 0QJ
T. 0191 238 0111 | F. 0191 238 0127 | Service Desk Direct Line. 0191 238 0121
Perfect Image Ltd. Registered in England & Wales. Company Registration Number: 2650067
Registered Office: Equinox House, Cobalt 3.2, Cobalt Business Park, Silver Fox Way, North Tyneside, Newcastle upon Tyne, NE27 0QJ

This e-mail is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not represent those of Perfect Image Ltd. If you are not the intended recipient, please notify us at [log in to unmask] and be advised that you have received this mail in error and that any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


********************************************************************************************************************

This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.

For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail


^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^