I often get asked my views about things in the news, or in the newspapers (that is NOT the same thing btw).

For example, there has been a lot of discussion about Gary Lineker over the last few weeks, particularly his references to how recent laws are similar to the activities of the Germans during the Holocaust.

I am not, however, being asked for my view as a solicitor, such as whether or not he has breached the terms of his contract with the BBC and whether that gave them a legal basis to remove him from MOTD. Instead, my view has been canvased due to my Jewish heritage.

Similarly, with all the fuss going on between Matt Hancock and Boris Johnson over the WhatsApp messages that are forming the backdrop to the former’s “tell all book”, everyone is talking about the spat between them and asking my political views. However, very few people are talking about whether the disclosure of those messages amounts to a breach of GDPR.

In all honesty, if everyone was going around quoting sections from the act and commenting on whether and if so to what extent it amounted to a breach, I’d be out of a job, not to mention very concerned about people’s sanity and very bored! But I do wonder how many people, such as employers (or possibly even employees) look at what is going on and wonder how that might affect them if anything similar happened in their office.

Let’s take, for example, what happens if two work colleagues have an exchange on WhatsApp about a client. They might comment about how they believe the client is being over charged, or how they narrowly avoided a mistake being spotted or even saying something rude or derogatory about that client. Let’s take that a step further and say that one of those work colleagues is also a senior member of the management team. So this is no longer just a couple of juniors having the modern day version of a conversation around the water cooler. This is now someone in authority admitting (or being aware of) a significant problem. Then let’s say that the more junior of the two leaves the company unhappily, and takes the messages with them, because he/she used their personal phone for work purposes.  The questions arise as to who that data belongs to and how either party can use it.

Much will depend on what (if anything) the company’s paperwork (such as contracts and hand book) say about who the data belongs to and how it can be used. Ideally (hopefully) it says that the data belongs to the company and cannot be used in breach of the company’s GDPR policy (that I’m sure it has) without permission. I would argue that even without such a policy, GDPR may well apply, but let’s not take the risk.

Whilst such a policy would give the company a lot of protection, the fact that Mr Hancock is using these emails for his book suggests that either the government doesn’t have the right policies in place and/or that he has no intention of being bound by them or any other legislation that is in place to protect people’s personal data. Certainly the ICO have so far indicated that they don’t plan to take any action as they don’t believe it is a matter for them, which in itself is a worry.  Nevertheless, if staff are aware of what they can and cannot do with data, and this is enforced as a matter of course, it is much easier to enforce it (through the courts if necessary) than if there is no such policy.

Sometimes it’s about asking the right questions (who does this data belong to) and taking action once you have the answers (it’s our data and if you use it in breach, we will take action against you).

Kleyman & Co Solicitors. The full service law firm. Available to the BBC, the Government and the ICO whenever they need it!