Introduction and Basics
Numerous requirements of the General Data Protection Regulation affect the human resources sector and, in particular, the handling of employee data.
Especially under the aspect of advancing digitisation, employee data protection is an important topic. The personal rights of your employees and colleagues must be protected, which is why data protection should be a top priority in every HR department. Employee data protection focuses exclusively on applicants and employees.
The aim is to protect their personal rights. Furthermore, applicants and employees should be able to determine for themselves which of their personal information may be stored and processed.
From a data protection perspective, the HR department, in cooperation with the company’s data protection officer (DPO) or an external DPO if the company appoints one, has among others the following tasks:
- Protection of employee data from unauthorised access and loss
- If applicable, commitment to the obligation of telecommunications secrecy according to sect. 88 German Telecommunications Act (TKG) for employees who inspect telecommunications data (e.g. IT administrators)
- Creating and publishing guidelines on the proper handling of personal data in the workplace
- Examination of employees with regard to their qualification of handling (sensitive) personal data
- Constant contact with the company’s or external DPO as well as the company management and the workers council.