In the HR area of a company, the processing of vast amounts of personal data is in the nature of the work. Here you can find out what you need to pay particular attention to when it comes to data protection.

Rights of the employee

The processing of personal data begins as soon as the application of an interested party is received by the company. The aim of data protection here is to protect the personal rights of the (future) employee.

Therefore, the employee has the right to inspect the data stored about him. This includes not only the personnel file, but also all data otherwise stored about his person.

In addition, the employee has the right to have sensitive data about him or her withheld by the employer. This applies, for example, to information about sick leave or the state of health. In principle, the employer may only pass on personal data about the employee if this is necessary for the fulfillment of the employment contract or if consent has been given.

If the employer asks the employee things that should not be asked, the employee may also remain silent or even lie.

Duties of the employer

The employer (in particular the HR department), on the other hand, has various duties towards the employee, which likewise serve to protect his or her personal rights.

Data that is illegally collected, outdated or incorrect shall be deleted, corrected or blocked upon request.

If sensitive data is to be stored that the employer is not legally obligated to store, consent must be obtained (religious affiliation, by contrast, must be recorded in order to collect church tax and therefore falls under a legal obligation).

The employee must be comprehensively informed about all processes concerning his or her personal data. In particular, information must be provided about who is responsible for the processing, what the purpose is, what category of data is involved, whether data is transferred to third countries, how long it is stored and why this is necessary.

In addition, the HR department is responsible for protecting the data against unauthorized third parties. Access to the data must be regulated accordingly by means of access authorizations. It is best to use proven software and let us advise you professionally on the selection and setup.

Actions to be performed by the HR department

In order to maintain the level of protection provided by the GDPR, the following actions typically need to be performed as required:

The personal data must be deleted as soon as the purpose of the processing ceases to apply. There are various automated tools for this purpose, about which we can advise you.

The HR department is also responsible for ensuring data economy and complying with the information requirements of the GDPR. Access and entry controls fall within its scope of duties as well. Sensitive data must be handled separately from other data, and regular checks must be carried out to ensure that the services and software used comply with the requirements of the GDPR.

Finally, the HR department is also responsible for being able to demonstrate compliance with data protection requirements at all times (accountability).
In addition to the management of human resources, many data protection tasks are the responsibility of the HR department. Compliance with data protection regulations is a very high priority here.

It's not just the increasing digitization that keeps creating challenges. The amount of regulations to be observed can also quickly become confusing. We would therefore be happy to advise you on optimal solutions for your company.

Book a data protection officer (DSB)