We want to know everything! - Data protection in the application

by | Aug 16, 2022 | Privacy

We want to know everything! - Data protection in the application

In every HR/personnel department, vast amounts of personal data are processed. Not only employees of the company are affected, but also applicants in the application process.

Where do the boundaries of data protection run here?

Consent to the processing of personal data during application

The first big question about data protection in the application process is: Do applicants have to consent to the processing of their data? Consent data or may your data also be processed on the basis of another legal basis?

As is so often the case, the lawyer here responds with, "It depends!"

The processing of personal data in the application process may be lawful under Section 26 I 1 BDSG if the data is required for the decision on the establishment of an employment relationship. In this case, no separate consent is required.

For all other data, a corresponding Consent according to the GDPR to be obtained. It should be noted that this consent can be revoked by the applicant at any time.

Deletion of personal data after application

Once the data is available, another important data protection issue is when to delete it.

If an applicant is rejected, the corresponding personal data deleted immediately, Art. 17 I lit. a GDPR. An exception only exists if the data is required for the defense of legal claims (e.g. if it is foreseeable that the applicant intends to assert that his or her rejection is not compatible with the AGG). The controller can generally no longer invoke this exception after six months have passed since the rejection.

Information on the processing of personal data during the application process

According to Art. 12 et seq. of the GDPR, the controller must Applicants on the processing of personal data inform. In principle, this information must be provided at the time of collection. Depending on the application channel, appropriate data protection information must be provided.

What happens in the event of unlawful processing?

Lies in the processing personal data in the application process is a violation of the GDPR the supervisory authorities can initiate appropriate measures and impose fines. Affected applicants can also assert a claim for damages in accordance with Art. 82 GDPR. In addition, the company may suffer major damage to its image.

To avoid such damage, it is particularly important to use the Train personnel in the HR/personnel department accordingly.

Do you need advice or assistance on the subject of data protection in your company? Our team of experts will be happy to help you! We also offer appropriate employee training tailored to your company. Contact us Contact up!

DSB buchen
en_USEnglish
de_DEDeutsch es_ESEspañol fr_FRFrançais pl_PLPolski en_USEnglish