In today’s environment, with numerous electronic devices and communication among colleagues conducted to a large degree online, it can be difficult for companies to know just how to treat the increased amount of personal employee data that they are gathering.
What is the right balance between observing your employees’ right to privacy with your legitimate need to monitor their work?
It is largely for this reason that a group of European data protection authorities known as the Article 29 Working Party (WP29) adopted new guidance on the processing of data in the workplace in June 2017.
New technologies and ways of working
The group agreed that new technologies and other practices have led to employers collecting more of their employees’ personal data, and the WP29 group also took into account the upcoming EU General Data Protection Regulation. This raises a number of interesting questions.
For example, can a company legitimately view a potential employee’s social media profile before an interview? What about the social media profiles of existing employees? Similarly, can an employer track the whereabouts of an employee driving a company car, or using a company phone?
Certain legal grounds for processing employees’ personal data
The WP29 concluded that there are certain legal grounds for processing employee data e.g. processing of payroll data, legal obligations under tax and health and safety grounds, and legitimate interests, such as an employer looking to improve efficiencies in the workplace.
The WP29 restated its position that consent is not a valid legal basis to process data, except in very limited situations where there will be no consequences for failing to provide that consent.
So how should companies proceed in light of this guidance? Simply put, an employer should:
- consider the legal grounds it relies on to process employees’ personal data
- ensure that processing is appropriate and as unintrusive as possible
- clearly inform employees of this processing through a workplace monitoring policy or a similar document
- bear in mind the principles of data protection both by design and default
- keep abreast of national data law, as EU member states can introduce their own specific law with regard to processing employees’ personal data in the workplace.
The collection, retention and use of data is under the spotlight with the upcoming GDPR. It is crucial that you are aware of your rights and responsibilities with regard to employees’ personal data.
Our dedicated employment law team is on hand to help you with any questions you may have with regards to the personal data of your employees. Contact us if you’d like to know more, we’d be happy to help.
23 November 2017