Go to Article

Better work, information as desired: We give you the information you really need and are committed to a better and more ecological working environment. When Book Publisher Best of HR – Berufebilder.de® with Unique Book Concept and eCourses we offer over 20 years of experience in Corporate Publishing - with Clients like Samsung, Otto, Governmental Institutions. Publisher Simone Janson also heads the Institute Berufebilder Yourweb, which awards scholarships and belongs to one of the top 10 female German bloggers, referenced in ARD, FAZ, ZEIT, WELT, Wikipedia .

Disclosure & Image Rights: Artwork created as part of a free collaboration with Shutterstock. 

Here writes for you:

AdOrga_Regina Mühlich_berufebilderRegina Mühlich is a certified data protection officer, management consultant and owner of AdOrga Solutions. Through her more than 25 years of professional experience in international companies (as COO, project / QM manager, group data protection officer), she has extensive knowledge of various corporate structures and processes as well as data protection Management, quality and information systems (e.g. ISO 9001, 27000). She is a member of the professional association of data protection officers in Germany (BvD) eV and of the German expert society (DESAG). Regina Mühlich works as a lecturer at Furtwangen University, the University of Freiburg, the Chamber of Crafts in Munich and Upper Bavaria and TÜV Rheinland Akademie GmbH. More information at www.adorgasolutions.de

Data protection in the personnel office: legally secure Manage employee data - 8 tips

The prerequisites for consent, the obligation to co-determination, the access and authorization concept, the deletion and retention plan are important aspects that must be taken into account when managing electronic personnel files.

Best of HR – Berufebilder.de®

1. Fast availability

Due to the nature of the system, access and authorizations can be granted relatively easily for a digital personnel file. Archiving and deleting data can also be automated. This simplifies work processes in the company and especially in the HR department, making them more efficient and effective. Employee information stored in a digital personnel file is available quickly and at any time for the authorized user.

2. Prevent abuse

Undeniably, the digital personnel file offers many advantages. From the point of view of privacy, however, it also harbors the possibility of abuse. The biggest danger is that it can be profiled by profiling another way to control employee performance and behavior.

In addition, privacy can be quickly violated by automated individual decisions. The use and use of the digital personal file should be regulated in writing, eg in a company policy or works agreement.

3. Codetermination obligation of the works council

The introduction of an electronic personnel file requires codetermination. In coordination with the works council or staff council, the introduction of the electronic personnel file for all employees is possible. The works council has a codetermination right if general assessment principles are introduced and this happens in the context of a technical facility, that is, an electronic system.

Paragraph 87 (1) sentence 6 of the Works Constitution Act applies here: “Unless there is a statutory or collective agreement, the works council has a say in the following matters: […] Introduction and use of technical equipment intended to act or perform monitor the worker; [...].

Tip: Text as PDF (please read the instructions!) or to this text complete eCourse or series Download. Actions or news via Newsletter!

4. Consent by the employee

The data protection law is a prohibition law with permission reservation (kind 6 DS-GVO), which means that the processing of personal data is inter alia only lawful,

  • if the person concerned agrees,
  • if the personal data are processed on any other permissible legal basis,
  • on the basis that they comply with the legal obligation to which the company is subject, or
  • to fulfill a contract or to carry out pre-contractual measures is required (recital 40 DS-GVO).

5. Observe storage periods

Employers must keep records of applicants and employees (employees), ie the file in paper form in the openable file cabinet, the digital file electronically using a personnel information system. In many cases, there are no provisions on retention and deletion periods, so application and employee records are often kept longer than allowed.

The collection and storage of applicant data serve their purpose until the appropriate candidate is found. If the candidate is unsuitable and / or rejected for the position, the purpose is removed and the data is to be deleted.

6. Adhere to deletion deadlines

If application documents are to be deleted, the existing retention periods may be contrary to this. For example, Paragraph 21 Paragraph 5 AGG (breach of the prohibition of discrimination) grants a period of two months for bringing such action, or the court grants an extension of the time limit. So it can certainly be assumed that a justified retention period of three months. The danger of an AGG action is not infinite.

An applicant must indicate a disadvantage for a feature prohibited by the AGG within the two-month period of § 15 para. 4 AGG. If this period has expired, all personal data must be deleted irrevocably. This also applies to handwritten notes that z. B. during the interview were made. The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW) does not consider storage for more than three months necessary.

7. Written consent required for longer storage

If the company wishes to retain the personal data, ie the application documents, after filling the position for which the applicant has applied, because his profile may be of interest for a later date, the applicant must agree in writing to this further storage (§ 26 para 2 sentence 3 BDSG).

8. Document data protection

Regardless of this, the data protection requirements are in accordance with Article 32 DS-GVO security of the processing with regard to the system used to store and use the electronic personnel file to implement, document and regularly check by the data protection officer and monitor their compliance. In addition, Art. 25 GDPR (data protection through technology design and data protection-friendly default settings) must be guaranteed. This applies to both a personnel management system and the use of an online applicant portal.

Incidentally, many of the points mentioned above also apply to application documents and personal files in paper form.

Buy text as PDF

Acquire this text as a PDF: Please send us an eMail with the desired title to support [at] berufebilder.de, we will then send the PDF to you immediately.

3,99 Book now

Books on the topic

Or for a little more directly buy a whole book or eCourse on this topic, read on. Here you will find a suitable selection.

Buy eCourse on Demand

Up to 30 lessons with 4 learning tasks each + final lesson as a PDF download. Please send us an eMail with the desired title to support [at] berufebilder.de. Alternatively, we would be happy to put your course together for you or offer you a personal, regular one eMail-Course - all further information!

19,99 Book now

2 responses to "data protection in the HR office: legally secure management of employee data - 8 tips"

  1. Bettina Fellenz says:

    Productivity and efficiency are becoming ever more important in our well-organized and fully automated working life, and people are left behind. A pity!

  2. Dieter G. says:

    Great post, keep it up.

Post a Comment

Your email address will not be published. Required fields are marked with * .

Ja, I would like to be informed about the latest promotions and offers via Newsletter be informed.

I hereby accept the Debate Rules and the Privacy policy with the possibility to contradict the use of my data at any time.

error: warning The content is protected!