How JustAnswer Works:

  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.

Ask Alex J. Your Own Question

Alex J.
Alex J., Solicitor
Category: Law
Satisfied Customers: 3497
Experience:  Solicitors 2 years plus PQE
13113900
Type Your Law Question Here...
Alex J. is online now

Data Protection Directorate question: We build and manage

Customer Question

Data Protection Directorate question:
We build and manage online surveys for clients. The respondents provide 360° feedback on other workers (with their permission) and their answers are grouped and non attributable to protect confidentiality of the respondent. We have just been asked by one client to identify the input of each respondent so that the two most senior people in the organisation can view this. We are reluctant to go down this route for a number of reasons even though the client has promised us and put in writing that everyone will be briefed and will have acquiesced to this variation in our standard process.
I am uncomfortable with this and want to make sure that we as the supplier of the service are not breaking any laws and doing everything reasonable to uphold both the fact and the spirit of the directorate.
I would like to be able to quote the client any elements of the directorate that are applicable in this situation.
Submitted: 14 days ago.
Category: Law
Expert:  Jamie-Law replied 14 days ago.

Hello my name is ***** ***** I will help you with this.

What is it you want to achieve please?

Customer: replied 14 days ago.

Hi Jamie,

I want to understand my position. I need to know what our liability might be as the providers of the service if the client does not correctly obtain the permission of the respondents to attribute their responses.

I want to make sure that we have adequately mitigated any claim that the individual respondents might have against my company if their data is used inappropiately by the client.

Is it enough in law to have it in writing from the client that they have obtained the permission of each individual to identify their data input or do I need to do anything else.

Does the client need to have written acquiescence from each respondent to confirm their acceptance of the use of the data?

When I go back to the client I need to be able to refer to the relevant sections within the EU and UK Data Protection Acts/Directorate.

Kind regards
Chris

Expert:  Jamie-Law replied 14 days ago.

you need to have a clause in the contract giving you an indemnity. That way you are protected. If they refuse to give you an indemnity then you should not use the data.

An indemnity protects you.

In short the law says you need consent from the persons who's data it is you are using.

Can I clarify anything for you about this today please?

Customer: replied 14 days ago.

Hi Jamie,

The indemnity is a catch all but a) it does not answer my question and b) I am not sure that having an indemnity would mitigate any responsibility under the Data Protection framework, which is why I headed my question specifically with this issue.

I also asked in the main question for specific reference to the articles within the act that relate to my issue so that I can quote them to my client.

I also want to know if it is sufficient to have a written statement from the client confirming that everybody has been briefed and agreed to have their data attributed.

In summary you have not really answered my question

Regards
Chris

Expert:  Jamie-Law replied 13 days ago.

Morning Chris, apologies for the overnight delay.

Under the Act you must satisfy a 'condition for processing'.

This includes consent of the individual.

If you have been given direct consent then all well and good. If the data is being handled by a third party and sent to you then as long as you have a genuine and honest belief that is enough. You can get confirmed in writing from the third party that they have obtained the consent to process the data and indeed that it will be handed to another third party (you).

They need permission from their customers that outside people will process their data. If you do not have this then it can not be done.

The conditions for processing can be found here:

https://ico.org.uk/for-organisations/guide-to-data-protection/conditions-for-processing/

Does that clarify?

Customer: replied 11 days ago.

Hi Jamie,

I didn't receive your message until Saturday and I was away for the weekend, which is a bit weird because I marked it as urgent/important

We process the data, since we have to analyse the data and identify the respondents. We also hold the respondents name and email address as well as the data that they input to the survey, so we are responsible.

You mention that "they need permission from their customers that outside people will process their data. If you do not have this then it can not be done". The target population is my client's staff, not customers (does this make any difference?), and they will know that the data is being processed by a third party.

I've mentioned it a couple of time but I want to know the specific areas with the Directorate that this relates to. The Directorate is the European power which supercedes the UK Data Protection. The link you provided is to the UK Information Commissioner. Does this incorporate European Directorate law? (I could find no reference to the

Expert:  Alex J. replied 11 days ago.

Hi, Thank you for your question and welcome. My name is ***** ***** I will assist you. I reviewed your correspondence here and note your request to understand the position under EU Law - the EU Data Protection does not have direct effect on English Law, that is why we have the Data Protection Act - it is the English expression of the EU requirements under the EU directive. Is your client based in the UK? A starting point may be to see a sample employment contract from the client, normally employment contracts contain the consent needed to process personal data? Are the surveys related to working conditions? When you start the survey is the employ told their data is anonymised?

Customer: replied 10 days ago.

Hi Alex,

Thanks for your input. My understanding is that the Directorate supercedes the UK DPA since it is a Directorate and now enshrined in European Law.

Also I was talking to Jamie and now you have appeared on the scene. This is the first time that another legal expert has taken over a project and I am not sure how this works from a payment point of view, so I would just like to understand where I stand in terms of fees for this project?

So could you please clarify before I waste your precious time and effort on this matter?

Kind regards
Chris

Expert:  Alex J. replied 10 days ago.

Hi, Thank you. My colleague opted out of the question. Data Protection is one of my fields of expertise. The EU Directorate on Data Protection does supersede all other local laws, but only through legislation, your initial complaint, if that is what you have, is dealt with at local level by the Information Commissioner of each country. If the EU wishes to change something they pass new legislation, which is currently happening with the GDPR - General Data Protection Legislation. If your either your client or yourself do not have consent of the employees to use their data then you cannot comply with your client's request retrospectively, you can comply going forward by obtaining consent.

In terms of fees, you do not pay any additional sums for having an additional expert as my colleague opted out. We can continue on this thread for as long as you need to resolve your query. If you would like to leave feedback for me in the mean time I would be most grateful. Kind regards AJ

What Customers are Saying:

 
 
 
  • Thank you so much for your help. Your answers were really useful and came back so quickly. Great! Maggie
< Previous | Next >
  • Thank you so much for your help. Your answers were really useful and came back so quickly. Great! Maggie
  • A quick response, a succinct and helpful answer in simple English. I believe I can now confront the counter party with confidence -- worth the 30 bucks! Rick
  • Wonderful service, prompt, efficient, and accurate. Couldn't have asked for more. I cannot thank you enough for your help. Mary C.
  • This expert is wonderful. They truly know what they are talking about, and they actually care about you. They really helped put my nerves at ease. Thank you so much!!!! Alex
  • Thank you for all your help. It is nice to know that this service is here for people like myself, who need answers fast and are not sure who to consult. GP
  • I couldn't be more satisfied! This is the site I will always come to when I need a second opinion. Justin
  • Just let me say that this encounter has been entirely professional and most helpful. I liked that I could ask additional questions and get answered in a very short turn around. Esther
 
 
 

Meet The Experts:

 
 
 
  • Jo C.

    Jo C.

    Barrister

    Satisfied Customers:

    30316
    Over 5 years in practice
< Last | Next >
  • http://ww2.justanswer.com/uploads/EM/emus/2015-7-7_192327_bigstockportraitofconfidentfemale.64x64.jpg Jo C.'s Avatar

    Jo C.

    Barrister

    Satisfied Customers:

    30316
    Over 5 years in practice
  • http://ww2.justanswer.com/uploads/BE/benjones/2015-12-1_0437_ennew.64x64.jpg Ben Jones's Avatar

    Ben Jones

    UK Lawyer

    Satisfied Customers:

    11553
    Qualified Solicitor - Please start your question with 'For Ben Jones'
  • http://ww2.justanswer.com/uploads/BU/Buachaill/2012-5-25_211156_barrister5.64x64.jpg Buachaill's Avatar

    Buachaill

    Barrister

    Satisfied Customers:

    1754
    Barrister 17 years experience
  • http://ww2.justanswer.com/uploads/JO/jojobi/2013-3-19_0265_maxlowryphoto.64x64.jpg Max Lowry's Avatar

    Max Lowry

    Advocate

    Satisfied Customers:

    894
    LLB, 10 years post qualification experience
  • http://ww2.justanswer.com/uploads/UK/UKLawyer/2012-4-12_9849_F2.64x64.jpg UK_Lawyer's Avatar

    UK_Lawyer

    Solicitor

    Satisfied Customers:

    750
    I am a qualified solicitor and an expert in UK law.
  • http://ww2.justanswer.com/uploads/KA/Kasare/kasare.64x64.jpg Kasare's Avatar

    Kasare

    Solicitor

    Satisfied Customers:

    402
    Solicitor, 10 yrs plus experience in civil litigation, employment and family law
  • http://ww2.justanswer.com/uploads/OS/osh/2015-7-7_19268_gettyimagesb.64x64.jpg Joshua's Avatar

    Joshua

    Lawyer

    Satisfied Customers:

    8199
    LL.B (Hons), Higher Prof. Dip. Law & Practice
 
 
 

Related Law Questions