GDPR Related National Laws & Modifications
The European Union’s General Data Protection Regulation (GDPR) sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:
- provide “specific rules to ensure the protection of…employees’ personal data in the employment context” (Art. 88);
- limit the transfer of “specific categories of personal data to a third country or international organization” if the country (or international organization) is deemed not to have adequate protections in place (Art. 49, (5)); and,
- “determine the specific conditions for the processing of a national identification number or any other identifier of general application” (Art. 87).
Derogations in Austria
The Austrian Data Protection Act includes a few provisions which can impact HR data processing. This Act, in conjunction with the Collective Labour Relations Act, sets requirements that relate to the processing of employee data.
Under the law, data controllers as well as data processors must have employees contractually agree to only process personal data for specific purposes, and to ensure data secrecy. This is usually done through a short confidentiality and data secrecy agreement signed by each employee.
In addition, some provisions are especially relevant for employee control measures (e.g. CCTV, IT monitoring, location tracking, whistleblowing hotlines, etc). Employers are expected to notify the works council (if one exists) of any personal employee data that is being processed automatically along with any data that may be transferred. Further, employers may need to get works council approval before processing certain employee data and may need to give the council permission to view employee data for inspections. Individual employee consent is required if the works council will be inspecting the data of an individual employee.
Led by PeopleDoc’s Chief Legal & Compliance Officer, the HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers, including the global law firm Morgan Lewis, to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where PeopleDoc’s customers have employees. HR Compliance Assist is a service exclusively available to PeopleDoc customers.