This paper poses the following questions: What do companies have to consider in order to comply with the GDPR? And which restrictions apply to companies in the context of employee data processing? The objective of this paper is to answer these questions and to derive recommendations for action that support German companies in implementing appropriate measures for GDPR compliance. Companies need to collect and process personal data about their employees over the whole employee life cycle, from recruiting through development to the employee's exit. Consequently, companies are affected by the European Union’s General Data Protection Regulation (GDPR), which came into effect on the 25th of May 2018.
It regulates the processing of personal data relating to natural persons, also called data subjects, by a company, an organization or an individual. Because the human resources department is involved in the whole employee journey, it plays a major role as an entity that controls and processes personal data. Therefore, the implementation of appropriate measures to comply with the GDPR, as laid out in this paper, is essential for all companies that employ people. In the course of advancing digitization, companies depend more and more on data and face several challenges, ranging from a frequently changing workforce and ever-changing regulations to the unexpected pandemic, which shifted the way of working with employees and forced companies to rethink the way employees are managed.
According to Statista, Germany has the second-highest aggregated value of GDPR fines imposed in Europe between May 2018 and January 2021, at 69 million euro. Only Italy registered more, with 300,000 euro more in fines during that period. No distinction between the kinds of data breaches, whether related to customers or to employees, could be identified. The author assumes that employee data breaches are included, especially in cases where employees are no longer satisfied with the company or have been dismissed. Fines resulting from non-compliance with GDPR are set at 20 million euro or up to 4 per cent of the annual total income of the preceding financial year, whichever is higher.
Table of Contents
- Introduction
  - Problem and objectives
  - Methodology and structure
- Basic Definitions
  - Personal data
  - Processing
  - Restriction of processing
  - Controller
  - Processor
- Analysis of data processing restrictions concerning employees
  - Personal data protection rights of a natural person
  - Obligations of personal data controllers and processors
  - Personal data processing restrictions during the employee life cycle
    - Restrictions in recruiting activities
    - Restrictions during employment and performance measurement
    - Restrictions after termination of employment
- Compliance implementation recommendation for German companies
- Conclusion and Outlook
Objectives and Key Themes
This paper aims to analyze the restrictions on personal data processing concerning employees in German companies, specifically focusing on the implementation of the European Union's General Data Protection Regulation (GDPR). It examines the challenges companies face in managing employee data, especially in the context of digitalization, evolving regulations, and remote work. The paper also explores the potential risks and consequences of non-compliance with the GDPR.
- Personal data processing restrictions according to GDPR
- The role of the human resources department in data protection
- Challenges of compliance with GDPR in the digital workplace
- Recommendations for companies to ensure GDPR compliance in employee data processing
- The impact of GDPR on the employee life cycle
Chapter Summaries
The introduction presents the problem of data processing restrictions concerning employees in German companies and outlines the objectives and structure of the paper. The second chapter defines key terms such as "personal data", "processing", and "controller" to establish a common understanding of the legal framework. Chapter three analyzes the restrictions on personal data processing concerning employees, examining their legal rights and the responsibilities of controllers and processors. It then delves into the specific restrictions that apply at different stages of the employee life cycle, from recruitment to termination of employment. The fourth chapter provides practical recommendations for German companies to ensure GDPR compliance in their employee data processing practices.
Keywords
This paper examines the key aspects of GDPR, employee data protection, digitalization, data processing restrictions, compliance, human resources management, and data protection best practices for German companies. The primary focus is on analyzing the legal requirements for processing employee data and identifying practical solutions for ensuring compliance.
- Cite this text
- Claudia Peter (Author), 2021, Personal data processing restrictions concerning employees. Implementation recommendation for German companies, Munich, GRIN Verlag, https://www.grin.com/document/1168644