GDPR Data request from customer

Purple

Registered User
Messages
13,957
I can't go into specifics as to why this is being requested but a representative of a customer has requested a list of our employees broken down by name, age, gender and length of service. As far as I am concerned that would be a breach of the GDPR in that we would be furnishing personal data without the consent of those involved. Anyone any thoughts on this?
 
Unless they have some legal authorisation to request that information, then on the face it, it sounds like a data breach if the information requested is given.
Even if the client requesting the information has a legal authority, the basis upon which that legal authority is being invoked would need to be considered also.

I would politely decline the request and see what follows.
 
Sounds very nosy to me, I'd imagine it isn't exactly what your employees would be happy sharing... As Data Controller, what consent have your employee's given to you in terms of sharing their data (especially since it includes data that identifies them!).
 
Purple, without specifics is this required for a contract / RFP scenario, where they want details of the employees that will be working on their contract, or a potential breach of contract challenge?
 
A list is certainly a non-runner, but you should be able to respond breaking down the number of employees aged 20-30, 30-40, 40-50, etc., numbers of male / female and then the overall average tenure. Tenure could be broken into different categories of staff if that made sense, i.e., if it supported a particular competency that may be important to that particular customer.

Ethical sourcing is a growing trend, and companies are seeking out this type of information so that they can rule out suppliers they feel don't meet their standards on eliminating discrimination on grounds such as gender, age, etc.. For quite some time now ethical mutual funds have been big business where the funds will only invest in companies who can demonstrate a certain degree social responsibility.
 
Thanks for the responses guys. That affirms my view on the request.

Leo is on the money as usual.
 
Ethical sourcing is a growing trend, and companies are seeking out this type of information so that they can rule out suppliers they feel don't meet their standards on eliminating discrimination on grounds such as gender, age, etc..
Wow, just wow. So now companies can discriminate against companies as long as the criteria suits some made-up list by people who have nothing better to do. What will happen when they require to employ drain cleaners or nurses ?
 
Wow, just wow. So now companies can discriminate against companies as long as the criteria suits some made-up list by people who have nothing better to do.

Yeah, hardly a surprise there? People and private companies are free to shop where they like. If a private individual or a company have strong ethical standards, why should they not choose to spend their own money supporting other companies that share that ethos?

If you're choosing between two pretty much identical products, one from a company that is investing in ensuring more equal opportunities and the other from a company known to discriminate against older people or minorities, or with a very poor environmental record, are you suggesting you shouldn't be allowed take those factors into account?
 
Yeah, hardly a surprise there? People and private companies are free to shop where they like. If a private individual or a company have strong ethical standards, why should they not choose to spend their own money supporting other companies that share that ethos?
If you're choosing between two pretty much identical products, one from a company that is investing in ensuring more equal opportunities and the other from a company known to discriminate against older people or minorities, or with a very poor environmental record, are you suggesting you shouldn't be allowed take those factors into account?

No problem whatsoever with that. But how are they going to assess that by getting the ages and genders of the people who are going to do the work for them ?
 
No problem whatsoever with that. But how are they going to assess that by getting the ages and genders of the people who are going to do the work for them ?

They can compare the numbers provided to industry baselines. If PurpleCo show the are beating the industry averages, then that could be seen as a positive, if however they lag far behind, then that might rule them out of contention.
 
Wow, just wow. So now companies can discriminate against companies as long as the criteria suits some made-up list by people who have nothing better to do. What will happen when they require to employ drain cleaners or nurses ?
I've no problem with the audit. Companies should know who is in their supply chain.
 
I have seen this where a company doesn't want to work with a revolving door of people. Also some companies are actually little more than front for outsourcing.

It can have an impact on a project if people gain business domain knowledge, then leave and the new staff have to relearn it all over. Especially with IT projects.
Likewise if there are going to ongoing projects and the staffing is not consistent.
 
I have seen this where a company doesn't want to work with a revolving door of people.

That is the bit which I would be very happy to supply as a selling point.

"We have 100 employees with an average length of service of 7 years.

The people assigned to your contract will be Mary - Female - who has 20 years in the industry and with us for 4 years and Johnny - male - with us for 10 years since leaving school"

Brendan
 
Its not uncommon to get a bunch of CV attached to a proposal, mainly outlining technical expertise for the project. Personal information was not on the ones I've seen. It was pre GDPR though.
 
Back
Top