In the HR area of a company, the processing of vast amounts of personal data is in the nature of the work. Here you can find out what you need to pay particular attention to when it comes to data protection.
Rights of the employee
The processing of personal data begins as soon as the application of an interested party is received by the company. The aim of data protection here is to protect the personal rights of the (future) employee.
Therefore, the employee has the right to inspect the data stored about him. This includes not only the personnel file, but also all data otherwise stored about his person.
In addition, the employee has the right to withhold sensitive data about himself or herself from the employer. This is the case, for example, with information about sick leave or the state of health. In principle, the employer may process personal data about the employee only if this is necessary for the fulfillment of the employment contract or if consent has been given.
If the employer asks the employee things that should not be asked, the employee may also remain silent or even lie.
Duties of the employer
The employer (or in particular the HR department), on the other hand, also has various duties towards the employee, which also serve to protect his or her personal rights.
Data that is illegally collected, outdated or incorrect shall be deleted, corrected or blocked upon request.
If sensitive data is to be stored that the employer is not legally obligated to store, consent must be obtained. (An example of a legal obligation: religious affiliation must be recorded in order to collect church tax.)
The employee must be comprehensively informed about all processes that affect his personal data. In particular, information must be provided on who is responsible for the processing, what the purpose is, what category of data is involved, whether data is transferred to third countries, how long it is stored and why this is necessary.
In addition, the HR department is responsible for protecting the data against unauthorized third parties. Access to the data should be regulated with appropriate access authorizations. It is best to use proven software and to let us advise you professionally on its selection and setup.
Actions to be performed by the HR department
In order to ensure the level of protection of the GDPR, the following actions must typically be carried out as required:
The personal data must be deleted as soon as the purpose of the processing no longer applies. There are various automated tools for this, which we will be happy to advise you on.
It is also the HR department's task to ensure that data is kept to a minimum and that the information obligations of the GDPR are complied with. Access and entry controls also fall within the scope of duties. It is also important to ensure that sensitive data is handled separately from other data. Regular checks must also be carried out to ensure that the services and software used comply with the requirements of the GDPR.
Finally, the HR department is responsible for being able to prove compliance with the data protection regulations at any time (accountability).
Conclusion
In addition to the management of human resources, many data protection tasks are the responsibility of the HR department. Compliance with data protection regulations is a very high priority here.
It's not just the increasing digitization that keeps creating challenges. The number of regulations to be observed can also quickly become confusing. We would therefore be happy to advise you on optimal solutions for your company.