Privacy & HR Specialists
Data Privacy Office Europe
Training and consulting on data privacy according to GDPR and national regulations (UAE PDPL, CCPA, HIPAA, etc.)
First, we need to define what kinds of data HR collects.
Identifying information: first name, last name, date of birth, address, phone number, email address.
Employment history: information about previous jobs, positions, length of employment, skills and qualifications.
Financial information: salary details, bank details for salary transfers.
Health information: information about medical certificates, health conditions if required for the job.
Marital status data: information about family members if it affects working conditions or social security.
How should HR collect and process employee data?
According to the GDPR, HR professionals and company management must comply with a number of rules when processing personal data:
The Principle of Lawfulness, Integrity and Transparency
HR professionals must ensure the lawfulness of data processing, which means that personal data can only be collected and processed if there are legitimate grounds: the employee's consent or the need to fulfil an employment contract (Article 6 GDPR).
When collecting data from candidates during an interview, the HR manager must inform them in advance what data will be collected and for what purpose.
Purpose limitation
Personal data may only be collected for predetermined and legitimate purposes, and may not be further processed in a way that is incompatible with those purposes (Article 5 GDPR). For example, data collected to assess candidates cannot be used for a newsletter about the company.
Data minimisation
HR professionals should only collect data that is necessary to fulfil specific purposes. This means not asking for redundant information that is not relevant to the job.
Data accuracy
HR professionals have a duty to ensure that personal data is accurate and up to date. Information must be updated regularly, and outdated data must be deleted (Article 5 GDPR). For example, if an employee changes their name after getting married, HR must amend their personnel file to avoid confusion and ensure that the data is up to date.
Data storage
Personal data must be stored in a form that allows the identification of data subjects for no longer than is necessary for the purposes for which it was collected (Article 5 GDPR). This implies the need for a clear data retention policy. At the end of an employee's employment, the HR manager must delete their personal data from the active database in accordance with the company's data retention policy.
Security of processing
HR professionals must take appropriate technical and organisational measures to ensure the security of personal data. This includes protecting the data from unauthorised access, loss or destruction (Article 32 GDPR).
In addition, access to a database containing personal data should be restricted to only those employees who actually need the data to carry out their duties, such as HR managers and accountants.
Data subject rights
Employees have the right of access, rectification, erasure, restriction of processing and portability of their personal data. HR specialists must be prepared to ensure that these rights are realised (Articles 15, 16, 17, 18, 19, 20 GDPR).
A basic knowledge of data protection is necessary for all employees. This will protect your team from privacy breaches and your company from fines. With the GDPR Data Privacy Professional course, you can gain the necessary knowledge and skills in 4 weeks. The next start date is 14 January. Hurry up and register at link.