1. Special requirements for the digital file
Whether a personal file in paper form or electronic form is managed, is first of all secondary importance.
Basically, it is always the privacy to observe and ensure. In the electronic form, however, the data protection laws make the employer special requirements.
2. trust application
Already the application process is subject to regulations. He is to be seen as a pre-contractual relationship of trust. Paragraph 26 para. 1 BDSG (Federal Data Protection Act) states that personal data may be processed by employees for the purpose of employment if this is necessary for the decision on the establishment of an employment relationship.
For example, in the application process these data include name and address, telephone number and e-mail address, certificates and CV. In addition to these typical application documents, the storage of personal data collected with admissible questions is unproblematic from a data protection point of view.
3. E-recruiting systems control the process
Many companies offer applicants the opportunity to promote themselves via a special portal, ie online, on the company website.
This includes information on the person and the professional career as well as the uploading of documents such as resume, certificates, certificates, etc. Especially in large companies, such e-recruiting systems control the process of an application process and are resource-saving for the personnel area.
4. Electronic system can not decide alone
If the applicant applies via the online portal of a company and has systems involved in the decision on the staffing, then first Art. 22 DS-GVO (General Data Protection Regulation) must be considered. It prohibits subjecting an affected person, ie an applicant, solely to a decision based on automated processing.
However, the scope of this provision is not yet in place when the system rejects applications for purely formal reasons, such as: For example, if mandatory information or required certificates are missing. In practice, this means that an automated preselection may be made, but the final decision on the recruitment of an applicant must take place by a natural person and must not be left to the electronic system alone.
5. What may be stored in the electronic personnel file?
Attention already requires scanning the documents. For new employees, this is relatively easy, as long as the data required for employment has not already been collected through the e-recruiting system. However, it must also be checked whether the personal data may continue to be stored. When changing the personnel file of "old" employees, not everything must be scanned. But in (almost) every personal file there are old and outdated documents that can no longer be processed from a data protection point of view.
6. Note purpose limitation
Two of the six principles governing the processing of personal data should be mentioned: Firstly, the storage, use and processing of personal data (handling of personal data) must always be based on a specific purpose.
The responsible persons must adhere to this purpose. Ie. Only the personal data of the employee necessary for carrying out the employment relationship may be stored. Secondly, this means that everything else has to be deleted or destroyed in the case of paper documents.
7. Keyword "required
An (electronic) personnel file may only contain the information provided by the employer
a) has lawfully acquired and
b) for which there is a material interest.
The keyword is "required", ie the information should not only be useful. If the scanning of the personnel files and documents is outsourced by the company to a service provider, then a processing of the order according to Art. 28 DS-GVO (processor) must be completed.
8. After termination of employment
Personal files of former employees are often stored for decades. It is often argued that the employer is obliged to do so. But here is to differentiate:
The relevant regulations are of tax and social security nature, which obligate the employer, on the one hand to keep accounting records (eg salary and payroll) and, on the other hand, to keep them for a certain amount of time. The reservation of permission for further storage results from a relevant law (eg AO, EStG, SGB) as well as balance sheet regulations.
9. Observe the storage obligation
Various health and safety regulations, including the Working Hours Act (ArbZG), the Maternity Protection Act (MuSchG) and the Occupational Integration Management (BEM) also oblige the employer to keep personnel records. These are documents that are (often) kept outside the personnel file of the individual employee.
Text as PDF, book or eCourse on the topic or personal advice
Offline download: Download this text as PDF - Read usage rights, Because we do not automatically submit the title of this text for privacy reasons: When buying in "interests" the title register if support is needed. After buying text exclusively Download at this URL (please save). Or for a little more directly an entire book or eCourse with this text buy, read on.
Book on the topic with discount: This text is also available in book form and you can buy the title here in two languages. You can also preview the book first look at and then purchase directly on the book page with a 20 percent member discount.
German edition: ISBN 9783965960268
English version: ISBN 9783965960275 (Translation notice)
Your eCourse on Demand: Choose your personal eCourse on this or another desired topic, As a PDF download. Up to 30 lessons with each 4 learning task + final lesson. Please enter the title under "interests". Alternatively, we are happy to put together your course for you or offer you a personal regular eMailCourse including supervision and certificate - all further information!
Consultant packages: You want to increase your reach or address applicants as an employer? For these and other topics we offer special Consultant packages (overview) - For example, a personal phone call (price is per hour).