Data Security in Recruiting: Paperless Personnel File - 9 Tips

Work well, plant 500 trees! We make the Working World more Human and Ecological, so we donate Revenue for Certified Afforestation. As Publisher Best of HR - Berufebilder .de® with an unique Book Concept, on Demand eCourses and News Service we share 15 years of Experience with our Customers (Samsung, Otto, State Institutions). By the Top 20-Blogger Simone Janson, referenced in ARD, ZEIT, WELT, Wikipedia .
Copyright: Artwork created as part of a free collaboration with Shutterstock. ,

The electronic personnel file is on the rise in human resources departments. It simplifies and optimizes workflows in personnel management. Employee information is available at any time by clicking. But what about privacy?

Data Security in Recruiting: Paperless Personnel File - 9 Tips Data Security in Recruiting: Paperless Personnel File - 9 Tips

Text as PDF, book or eCourse on the topic or personal advice

Here writes for you:

Regina Mühlich AdOrga_Regina Mühlich_berufe picturesRegina Mühlich is a certified data protection officer, management consultant and owner of AdOrga Solutions.


1. Special requirements for the digital file

Whether a personal file in paper form or electronic form is managed, is first of all secondary importance.

Basically, it is always the privacy to observe and ensure. In the electronic form, however, the data protection laws make the employer special requirements.

2. trust application

Already the application process is subject to regulations. He is to be seen as a pre-contractual relationship of trust. Paragraph 26 para. 1 BDSG (Federal Data Protection Act) states that personal data may be processed by employees for the purpose of employment if this is necessary for the decision on the establishment of an employment relationship.

Tip: Text as PDF (please read the instructions!) Download or for a little more Book on the topic with discount or eCourse book. Actions or news via Newsletter!

For example, in the application process these data include name and address, telephone number and e-mail address, certificates and CV. In addition to these typical application documents, the storage of personal data collected with admissible questions is unproblematic from a data protection point of view.

3. E-recruiting systems control the process

Many companies offer applicants the opportunity to promote themselves via a special portal, ie online, on the company website.

This includes information on the person and the professional career as well as the uploading of documents such as resume, certificates, certificates, etc. Especially in large companies, such e-recruiting systems control the process of an application process and are resource-saving for the personnel area.

4. Electronic system can not decide alone

If the applicant applies via the online portal of a company and has systems involved in the decision on the staffing, then first Art. 22 DS-GVO (General Data Protection Regulation) must be considered. It prohibits subjecting an affected person, ie an applicant, solely to a decision based on automated processing.

However, the scope of this provision is not yet in place when the system rejects applications for purely formal reasons, such as: For example, if mandatory information or required certificates are missing. In practice, this means that an automated preselection may be made, but the final decision on the recruitment of an applicant must take place by a natural person and must not be left to the electronic system alone.

Tip: Text as PDF (please read the instructions!) Download or for a little more Book on the topic with discount or eCourse book. Actions or news via Newsletter!

5. What may be stored in the electronic personnel file?

Attention already requires scanning the documents. For new employees, this is relatively easy, as long as the data required for employment has not already been collected through the e-recruiting system. However, it must also be checked whether the personal data may continue to be stored. When changing the personnel file of "old" employees, not everything must be scanned. But in (almost) every personal file there are old and outdated documents that can no longer be processed from a data protection point of view.

6. Note purpose limitation

Two of the six principles governing the processing of personal data should be mentioned: Firstly, the storage, use and processing of personal data (handling of personal data) must always be based on a specific purpose.

The responsible persons must adhere to this purpose. Ie. Only the personal data of the employee necessary for carrying out the employment relationship may be stored. Secondly, this means that everything else has to be deleted or destroyed in the case of paper documents.

7. Keyword "required

An (electronic) personnel file may only contain the information provided by the employer

a) has lawfully acquired and

Tip: Text as PDF (please read the instructions!) Download or for a little more Book on the topic with discount or eCourse book. Actions or news via Newsletter!

b) for which there is a material interest.

The keyword is "required", ie the information should not only be useful. If the scanning of the personnel files and documents is outsourced by the company to a service provider, then a processing of the order according to Art. 28 DS-GVO (processor) must be completed.

8. After termination of employment

Personal files of former employees are often stored for decades. It is often argued that the employer is obliged to do so. But here is to differentiate:

The relevant regulations are of tax and social security nature, which obligate the employer, on the one hand to keep accounting records (eg salary and payroll) and, on the other hand, to keep them for a certain amount of time. The reservation of permission for further storage results from a relevant law (eg AO, EStG, SGB) as well as balance sheet regulations.

9. Observe the storage obligation

Various health and safety regulations, including the Working Hours Act (ArbZG), the Maternity Protection Act (MuSchG) and the Occupational Integration Management (BEM) also oblige the employer to keep personnel records. These are documents that are (often) kept outside the personnel file of the individual employee.

Tip: Text as PDF (please read the instructions!) Download or for a little more Book on the topic with discount or eCourse book. Actions or news via Newsletter!

Text as PDF, book or eCourse on the topic or personal advice

Offline download: Download this text as PDF - Read usage rights, Because we do not automatically submit the title of this text for privacy reasons: When buying in "interests" the title register if support is needed. After buying text exclusively Download at this URL (please save). Or for a little more directly an entire book or eCourse with this text buy, read on.

3,99 Book now

Book on the topic with discount: This text is also available in book form and you can buy the title here in two languages. You can also preview the book first look at and then purchase directly on the book page with a 20 percent member discount.

German edition: ISBN 9783965960268

7,99 Buy directly

English version: ISBN 9783965960275 (Translation notice)

7,99 Buy directly

Your eCourse on Demand: Choose your personal eCourse on this or another desired topic, As a PDF download. Up to 30 lessons with each 4 learning task + final lesson. Please enter the title under "interests". Alternatively, we are happy to put together your course for you or offer you a personal regular eMailCourse including supervision and certificate - all further information!

19,99 Book now

Consultant packages: You want to increase your reach or address applicants as an employer? For these and other topics we offer special Consultant packages (overview) - For example, a personal phone call (price is per hour).

179,99 Book now

occupations pictures

You want to comment here? Please the Debate Rules comply, contributions must be unlocked. Your eMailAddress remains secret. More information on the use of your data and how you can counter this can be found in our Privacy Policy.

  1. To follow debate on this post
  2. All debates follow
  1. Holger Prieske

    If you prohibit too much in the personnel file, then the boss takes a small booklet, or Google notes, or the like, and takes notes about his employees.

    • Simone Janson

      Hello Mr. Prieske, nice thought

Post a Comment

Your eMail address will not be published. Required fields are marked with * .

JaI would like to be regularly informed about the latest promotions & offers Newsletter be informed.

I hereby accept the Debate Rules and the Privacy policy with the possibility to contradict the use of my data at any time.