Employee data protection
Employee data protection affects many areas of working life and is therefore considered to be one of the most sensitive areas of data protection law. Companies should not allow themselves to make any mistakes here.
For organisational reasons alone, the collection and use of personal data concerning employees is unavoidable at the majority of companies. The German Federal Data Protection Act is of considerable importance in this context: personal data may only be processed if this is necessary for hiring decisions or for carrying out or terminating employment contracts.
Companies therefore often ask themselves the following questions: Can I publish photos of employees on our website? How do I need to handle personal data concerning health? Under what conditions can I disclose personal data to third parties? Many companies are unsure of what is actually permitted and where the legal limits lie with regard to employee data protection.
Why choose ISiCO?
- Preventative compliance: Together with you, we formulate rules of conduct and policies to protect your company from data protection infringements or even criminal offences
- Pre-employment screening: Trustworthy personnel is one the keys to handling sensitive data – we support you in carrying out background checks in compliance with data protection law
- Applicant management: We show you how to handle applicant data, how to build up an applicant pool in compliance with the law, and which tools you may use in the process
- Personnel file: What belongs in a personnel file? What requirements do you need to meet? How long can I keep certain documents? What erasure periods apply?
- Whistleblower system in compliance with data protection law: Establishing an effective whistleblower system is a true challenge with regard to data protection law – we know all the pitfalls
- Inspection and evaluation of employee emails in compliance with data protection law: Sometimes, inspecting employees’ emails is necessary for investigations of legal infringements or even criminal offences – employee data protection, however, sets strict limits on what can be done
- Repressive compliance: It is essential to act correctly if a criminal offence is committed in your company – we show you how to prepare for any emergency and, as required, work with you to create a crisis plan
- Rights of data subjects: We support you in upholding the rights of data subjects and replying to requests from your employees – how far does the right of access go?
- Review use of digital tools: Tools for feedback, applicant management, recruitment tests, the use of AI in selecting applicants, and assessment centre tests
- Works council: We support you in correctly involving your works council
- Outsourcing: Employee secondment in compliance with data protection law
- Employees’ right of access: What does employees’ right of access cover? How do you need to provide the information?
- And much more …
With the expertise our ISiCO consultants possess, you know right away what to look out for when handling employee data and what the options are for optimising your company within the framework of applicable law.