Sponsored Content
Paul Byrne, of PropelFwd, highlights the importance of trust and transparency when it comes to handling data
THIS month, I wanted to tell a story to bring data protection to life. This is a fictional story about a new employee.
Emma sat nervously in the reception area of Sterling Capital, waiting for her final interview. The company was a well-respected name in the finance sector, and securing a role as a manager would be a significant step in her career.
As she adjusted her blazer, she noticed the discreet CCTV camera in the corner of the room. It was one of many. She had spotted them at the entrance and exit, in the lifts and on the stairways. It was only after a receptionist casually mentioned that the cameras in reception also recorded audio that she felt the first pang of concern.
Once hired, Emma settled into her new role, overseeing a team of 30 employees. As a middle manager, she had access to a substantial amount of personal data including her team members’ full names, addresses, salaries, performance records and absence history. She could even see their recorded entry and exit times, logged through the company’s fingerprint scanning system. Every morning and evening, the system silently captured the precise moment each employee started and finished work.
It wasn’t long before Emma realised the weight of the responsibility she carried. The Data Protection (Jersey) Law 2018 granted her colleagues certain rights over their data – rights that Sterling Capital, as their employer, was obligated to uphold. They had the right to know what personal data was being collected, why it was necessary and how long it would be stored. They could request access to their information, correct inaccuracies and even ask for their data to be erased under certain circumstances. The company had a duty to process this data lawfully, fairly and transparently, ensuring it was adequately protected from unauthorised access.
Emma soon began questioning her own access to sensitive information. She could view details about her team’s absences, including medical-related leave. The company trusted her to use this data appropriately, but there were no strict access controls preventing her from viewing information she did not necessarily need to see. What if an unauthorised person managed to view salary details or disciplinary records? The organisation had a duty to ensure that access was strictly limited to those with a legitimate need.
Then there was the matter of the CCTV. While security was a legitimate concern, employees had a right to privacy. The cameras at entry and exit points logged employees’ comings and goings, with fingerprint scans tracking exact times. The CCTV in reception, however, was even more intrusive. It recorded audio, meaning that confidential conversations – between colleagues, visitors or even a personal phone call – were captured and stored. Any form of surveillance had to be necessary and proportionate, and employers had to justify its use through a proper Data Protection Impact Assessment.
For organisations such as Sterling Capital, compliance with the Data Protection (Jersey) Law 2018 is not just about avoiding penalties; it is about maintaining trust. Employers must be transparent about the data they collect, ensure that access is restricted and implement security measures to protect personal information. Surveillance must be proportionate and biometric data, such as fingerprint scans, should be used only when absolutely necessary.
If this reflects your own experiences of the workplace, Propelfwd can help you navigate these complexities. Our expertise ensures that organisations remain compliant while fostering a workplace where data privacy is respected. From reviewing access controls to conducting data protection impact assessments, we provide practical solutions that align with legal requirements and best practices. If your business handles employee data, let Propelfwd support you in building a robust data protection framework that safeguards both compliance and trust.
