1. Fast availability
With a digital personnel file, access and permissions can be granted relatively easily through the system. Archiving and deleting data can also be automated. This simplifies workflows in the company, above all in the human resources department, and makes them more efficient and more effective. Employee information stored in a digital personnel file is available quickly and at any time to the authorized user.
2. Prevent abuse
Undeniably, the digital personnel file offers many advantages. From the point of view of privacy, however, it also harbors the possibility of abuse. The biggest danger is that profiling can turn it into another way to control employee performance and behavior.
In addition, privacy can be quickly violated by automated individual decisions. The use of the digital personnel file should be regulated in writing, e.g. in a company policy or works agreement.
3. Codetermination obligation of the works council
The introduction of an electronic personnel file requires codetermination. In coordination with the works council or staff council, the introduction of the electronic personnel file for all employees is possible. The works council has a codetermination right if general assessment principles are introduced and this happens in the context of a technical facility, that is, an electronic system.
Here, § 87 para. 1 sentence 6 of the Works Constitution Act applies: "The works council has, insofar as no statutory or collective agreement provision exists, a right of codetermination in the following matters: [...] introduction and use of technical equipment intended to monitor the behavior or performance of employees; [...]"
4. Consent by the employee
Data protection law is a prohibition with reservation of permission (Art. 6 DS-GVO), which means that the processing of personal data is, inter alia, only lawful
- if the person concerned consents,
- if the personal data are processed on any other permissible legal basis,
- if it is necessary to comply with a legal obligation to which the company is subject, or
- if it is required to fulfill a contract or to carry out pre-contractual measures (recital 40 DS-GVO).
5. Observe storage periods
Employers must keep records of applicants and employees, i.e. the file in paper form in the openable file cabinet, the digital file electronically using a personnel information system. In many cases, there are no provisions on retention and deletion periods, so application and employee records are often kept longer than allowed.
The collection and storage of applicant data serve their purpose until the appropriate candidate is found. If the candidate is unsuitable and/or rejected for the position, the purpose no longer applies and the data is to be deleted.
6. Adhere to deletion deadlines
If application documents are to be deleted, existing retention periods may stand in the way. For example, § 21 para. 5 AGG (breach of the prohibition of discrimination) grants a period of two months for bringing such an action, or the court grants an extension of the time limit. So a justified retention period of three months can certainly be assumed. The danger of an AGG action is not infinite.
An applicant must assert a disadvantage based on a characteristic prohibited by the AGG within the two-month period of § 15 para. 4 AGG. If this period has expired, all personal data must be deleted irrevocably. This also applies to handwritten notes that were made, e.g., during the interview. The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW) does not consider storage for more than three months necessary.
7. Written consent required for longer storage
If the company wishes to retain the personal data, i.e. the application documents, after filling the position for which the applicant has applied, because the applicant's profile may be of interest at a later date, the applicant must agree in writing to this further storage (§ 26 para. 2 sentence 3 BDSG).
8. Document data protection
Regardless of this, the data protection requirements under Article 32 DS-GVO are to be implemented, documented and regularly monitored by the Data Protection Officer, who is also to monitor compliance of the processing in the system used to store and use the electronic personnel file. In addition, Art. 25 DS-GVO (data protection by design and by default) must be ensured. This applies both to a personnel management system and to the use of an online applicant portal.
Incidentally, many of the points mentioned above also apply to application documents and personal files in paper form.