What does the new EU data protection law bring?
What are employers allowed to do and when does the boss exceed his authority? Employee data protection is a personal right that every employee and staff member in a company can insist on. However, there are exceptions that are relevant in the EU-DGSVO, which will be valid from May 2018 and replace the previous BDSG. Complementary monitoring in the workplace is already prohibited by the regulations in employee data protection and this aspect remains.
What changes will there be in employee data protection?
With the introduction of the EU DGSVO, a uniform regulation applies throughout Europe. There are no two opinions when it comes to important and work-related data. Some excellent websites explain in detail what changes the EU legislation brings to employee data protection and what data employers may - or may not - collect. Every employer has the right to access the following employee information and store it in company records:
- Name and address
- Bank details
- Education, qualifications and specializations
- the actual working time (working time recording)
- various processes and histories on the company computer.
Things get tricky when it comes to the employee's sensitive and personal data. For example, according to the guidelines on employee data protection, the employer is not entitled to retrieve health information or private data of the employee and store it in the system. The monitoring of telephony, the control of e-mail traffic or the use of employee photos fall into the area requiring special approval. Only under certain conditions and with prior agreement are employers authorised to collect this data and process it.
Works council advises on problems in employee data protection
Who do I contact if I have any questions and who is so knowledgeable about employee data protection that they can really advise me? In companies with a works council, the works council is the right contact for all questions regarding employee data protection. A direct approach to the employer usually leads to conflicts and, if only individual employees are bothered by certain data-generating measures, is not a target-oriented solution. If the workplace is suddenly under video surveillance or if all conversations in the company are recorded, if the employer reads the e-mail traffic of an employee or if the social network account is monitored by the company, the way to the works council is the first and best option. Which exceptions are permitted in employee data protection is best set out in writing in a meeting at employer level with the works council and the data protection officer.
Exceptions prove the rule - When an employee is under suspicion
In the case of theft or corruption and bribery, suspected disloyalty to the company and other actions damaging the company's image, employers can resort to various means. But even in the case of urgent suspicion, compliance with the rules manifested in the employee data protection is important. All measures applied must be in proportion to the reason. For example, employee data protection does not provide that a suspected criminal offence in the company leads to surveillance of the privacy of the suspected employee.
