Employees & privacy
⚡ tl;dr

- The employer processes its employees' personal data and acts as a controller.
- Health-related data such as sickness leave details are sensitive personal data.
- Your employees must be properly trained to avoid security breaches.
- You need consent to keep an applicant's file after the recruitment period.

Why is that relevant?

When hiring, paying, or generally interacting with employees, the employer processes personal data and acts as a controller subject to data protection laws. The processed data generally include:

- Recruitment data: CV, letter of motivation, picture, etc.
- Identification data: name, address, residence permit, etc.
- Financial data: IBAN, salary information, etc.
- Health data: sickness, injury, insurance-related information, etc.
- Other sensitive data: union membership, religious beliefs, biometric data, etc.

An employer must properly inform its employees to ensure that it can fulfill its obligations and be compliant. A company cannot be compliant if its employees are, for example, processing personal data outside of the scope communicated by the company to the data subjects.

Read more on the LEXR blog: https://www.lexr.com/en-ch/blog/it-security-employees/

What should I pay attention to as an employer?

Obligation to inform

As a controller, the employer must inform the data subjects (i.e., the employees) of:

- its role as controller
- the type of data being processed and where they are coming from
- the processing purposes
- the data retention period
- the categories of data recipients (e.g., in case of third-party transfer)

This can be done in an internal privacy policy shared with all employees upon their onboarding.

You usually do not need to obtain consent from the employees. Indeed, the legal ground to process personal data in such cases is to execute a contract. For example, the employer has a legitimate interest to know the IBAN of its employees in order to pay them as per the employment agreements.

Processing sensitive data

Employers often process sensitive data. This is notably the case of any health-related data (e.g., sickness of employees, pregnancy, etc.). Processing sensitive data calls for additional measures. Check out our Basics page for more information.

Recruitment data

During the hiring process, an employer also processes the personal data of the applicant. Usually, the applicant is informed directly about the personal data processed via the public-facing privacy and cookies policies.

The key question for recruitment data is about the retention period. The employer only has a legitimate interest in processing data during the recruitment phase. Once the applicant has been denied, the employer needs consent to keep processing the applicant's data. This means that an employer must ask for consent in order to keep an applicant's file in case another job opens at a later stage.

Best practices

- Employee privacy policy: An employee privacy policy is implemented with regard to the data processed by the company as an employer. This policy is presented to new hires.
- Employee health data: The number of people having access to the employee's health details is limited to a strict need-to-know basis.
- Applicant's file: If the company wants to keep the file of a rejected applicant for more than 6 months, the applicant's consent is requested and documented.

How do I get this done?

Book a free call or check out our employee awareness workshop package.