At a time when organisations are looking to put their houses in order to address the demands of GDPR, this poses a salutary warning to all employers to ensure that they engage with their staff to ensure that everyone is aware of their duties and obligations with regard to personal data.  

It will be interesting to follow the appeal in this matter, which found that - notwithstanding that the Company had taken appropriate steps with regard to personal data - the Company was liable for the data breach orchestrated by a disgruntled employee.  The court recognised that in reaching its decision it was giving effect to the aims of of the former employee, which was to cause damage to the Company.  

Greater clarity is urgently needed in this area to ensure that organisations can be confident that they are both protecting personal data and receiving appropriate protection themselves.