You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
Has anyone ever hit their old employer with a data subject access request?
This is where you can request to see any information that any company holds
about you, not just employers but any company you have had dealings with.
The company have to respond within 30 days and they cannot make excessive
charges for handling it.
My friend has recently changed jobs from a place where he was working for
nigh on 15 years. We were chatting on Whatsapp and I mentioned that it
might be fun to hit them with a dsar as he had left under a slight cloud where he felt he had been treated unfairly and not supported sufficiently.
He could then see from emails what actually happened plus it would be fun
to imagine the shitty management having meetings and worrying themselves over
it and what they might have written about him on emails.
Downside is he might see things that would upset him and perhaps it is just
better to leave it and move on. Anyway, he's only gone and done it. 😆 I'm
not sure any good will come of it.
Any experience or thoughts?
Why? There is no wisdom to be gained from this.
I mentioned that it might be fun to hit them with a dsar
You and I have a very different idea of what fun is.
And if the company replied and said, "we don't hold that information any longer as our record retention schedule states that all this information is deleted when an employee leaves the business?"
I would imagine he will just get a copy of the hr file. I doubt he will get s copy of all n emails, text messages and WhatsApp conversations in which he was involved directly or mentioned in.
You wouldn't get anything particularly juicy - if there are emails and the protagonists are personally identifiable (not just named, if an email reads "..as jekkyl's mate's manager.." then redacting the name at the top doesn't prevent them being identified by context) then they (the individuals sending the emails) would have to give their consent or their data privacy rights would be breached, and if there's anything remotely "dodgy" you can assume that the authors won't be giving the consent.
On the other hand, in most cases the organisation can no longer charge for providing it (unless the request is "manifestly unfounded or excessive").
It is his right to have a copy of anything that is his personal data, if an exemption under DPA 2018 does not apply.
In a work context, much of what has a passing mention of a person who is carrying out their duties would not be their personal data - it has to be largely about the person.
An employer will hold a considerable amount of data in a staff file after an employee has left, they would be in breach of various employment and pensions legislation if they didn't, not to mention keeping records to protect themselves if the past employee did get involved in discplinary stuff.
I suspect you would get an edited version of what they had. How would you show they hadnt given you everything? Not sure what you would gain from this.
I've thought about this, but over the years I've learnt to never burn bridges, even when you're leaving under a cloud. Walk away, you never know when you may come back or get bought out by the bad lot. I threw my dummy out at two previous employers. First one was 15 years ago, they pleaded to take me back 6 months later as a contractor. My original "go stick your head in a pig" resignation letter made the re-hire quite fraught with their HR team.
Second time around I quit politely and professionally. Somehow they too came looking for me about a year later. Hired as subby on the spot, no bad feeling.
Britain is a small place to work. Expect to see the same faces again and again.
I have just made a DSAR for my entire staff file from a previous employer - but only because, in spite of numerous emails and phone calls, the previous employer still hasn't provided me with the information I need to link service with the PCSPS. At least this way, they have a statutory deadline to comply with. I shouldn't have to do this !
He could then see from emails what actually happened plus it would be fun
to imagine the shitty management having meetings and worrying themselves over
it and what they might have written about him on emails.
Incorrect.
A SAR only covers information held on the employee via HR records. It doesn’t cover activities undertacken whilst engaging on the employers behalf.
So you only get x worked A-B and any information held on the HR record.
Wouldn't GDPR prevent then from holding on to any information that wasn't absolutely required once the person had left.
I thought one of the key points of GDPR was that information that wasn't explicitly needed was deleted.
Define 'needed'.
This is fun.
This is not fun.
^^ 👍🤣
It depends how staff info is managed in an organisation, some have a centralised HR function, in many processes like recruitment and disciplinary are devolved to line managers.
Define ‘needed’.
He doesn't need to, that's for the company to decide and document in there data inventory and record retention schedule.
For employees data you would not have a legal basis for keeping much past the end of employment, some pension data, health and safety stuff etc. As stated above by myself and others, no data should be held longer than for its intended purpose. Once employment ends most of an HR file is not required fo rits original purpose of managing employment.
matt oaa four weeks ago...
[img] [/img]
matt oaa for the last three weeks and counting checking the status of his warranty claim...
I know my ex employer has a blacklist of people they won't have back (no idea if I'm on it). I suspect they'd classify that as needed information they have to keep, I did wonder if they'd disclose it if requested! I suppose it might not count as personal data as it's not actually your data (your pay, age, whatever) it's their data? Presumably they keep some data on all former employees as it would be invaluable for recruiting them back, we had searchable CV's so they could find people internally that had worked on similar projects before, they must still have that even after we've left incase they need to poach us back or if we come back so it doesn't all need re-populating.
Shitty thing to do if you ask me. I doubt it's the people your friend had dealings with that will have to sort this out, or be worried about it. Probably some low paid HR Admin employee who will have to go digging through old files and emails working with IT / Legal.
So, keeping a blacklist is almost certainly counter to data protection laws, I think the construction industry got hit hard with a fine for that a few years ago.
TBF looks like he is having a shuffle under the desk
^so needs a gif of his eyes rolling back...
keeping a blacklist is almost certainly counter to data protection laws, I think the construction industry got hit hard with a fine for that a few years ago.
That was because they were blacklisting people based on union activity.
Sorry, I've "redacted" your "so".
Beware of "vexatious" requests.
Thread title was promising up until about the sixth word.