The big question: How do we deal with the personal data of employees?
Every company is responsible for the security of their employees’ personal data – no matter whether it is stored digitally or more traditionally in the personnel file. To what extent you are allowed to evaluate and process this data depends on what you intend to use it for. Some companies, such as food producers, are required to collect data from their employees’ health checks periodically in addition to the usual data. Other companies might not be allowed to do this since there is no legal basis on which to justify the collection and storage of such data.
The topic of data processing becomes even more complex if the company in question is part of a group. Parent or subsidiary companies might periodically ask for personal data about your employees. This process has to be considered critically, however: in Germany, there is no legal basis on which a group can simply transfer personal data of employees back and forth.
If you task a third party with the processing of personal data (for example to take care of your IT infrastructure) you are required to respect certain data protection laws, which is a fact that is often overlooked. We offer corresponding templates for contracts and check the submitted documents for you.
Since our primary focus is to protect people, we attach great importance to how you handle the personal data of your employees. For many years our data protection officers have gained experience in this process through their work with groups from Germany and all over the world. We are happy to give you practical advice on this complex topic.