Welcome to another edition of Privacy Notes.
The Africa Data Protection Conclave took place yesterday and today. It was a grand occasion with various stakeholders and leading authorities on Data Protection from all over Africa in attendance coming together to discuss issues of data protection and cyber security in Africa. If you missed it, you really missed something there.
In other news, popular fashion house H&M (Hennes and Mauritz) in Germany has been fined for infringing the rights and freedoms of its employees. Particularly, the company was found guilty of collecting excessive records on the families, religions and illnesses of its workforce at its Nuremberg Service Centre. H&M’s privacy violations were noted to include extensive staff surveys, with details of holidays, medical symptoms and diagnoses for illnesses. These violations were found from the year-long investigation by the Data Protection Authority of Hamburg (HmbBfDI). It was further discovered that some managers also sought further private details in informal chats, including family issues or religious beliefs, which were then stored and used to evaluate work performance and make employment decisions.H&M was thus fined €35.3m for the illegal surveillance of several hundred employees.
This goes to show that employees are also data subjects who are protected by the provisions on data protection. The excessive collection of personal data goes against the principle of Adequacy and the concept of Data Minimization which are essential elements of data protection.
Organizations in Nigeria are advised to procure the services of a Data Protection Compliance Organization to ensure that they are always in compliance with the provisions of the Nigeria Data Protection Regulation (NDPR) as well as any other subsidiary legislation on data protection in force in Nigeria.
Thank you for reading to this point.
Till next week,
Uwemedimo Atakpo Jnr.