GDPR Related National Laws & Modifications
The European Union’s General Data Protection Regulation (GDPR) sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:
- provide “specific rules to ensure the protection of…employees’ personal data in the employment context” (Art. 88);
- limit the transfer of “specific categories of personal data to a third country or international organization” if the country (or international organization) is deemed not to have adequate protections in place (Art. 49, (5)); and,
- “determine the specific conditions for the processing of a national identification number or any other identifier of general application” (Art. 87).
Derogations in the Czech Republic
EU member nations are updating their current data protection policies to align with the GDPR. Czech Republic’s proposed Data Processing Act is currently under discussion in the Parliament.
While the Data Processing Act has not been implemented yet, note that the Czech Labor Code (Sec. 316) has set specific requirements relating to employee privacy, including:
- Informing employees in advance of any employee monitoring (both in scope and method). Monitoring of employee emails, letters or calls is restricted unless there is a serious cause, and employees have been informed of the scope and method of monitoring.
- Only permitting employers to request employee information that directly relates to performance of work or the basic employer relationship (i.e. you can’t require unnecessary personal information). Employers can’t require information relating to sexual orientation, origin (i.e. ethnicity), trade union membership, membership in political parties or movements, religion/confession or criminal records.
- Employers can only request information relating to pregnancy, family/property situation, or criminal records when there is cause (i.e. when it may impact the work to be performed), and if the request for information is appropriate or necessary to comply with the Labor Code or other legal acts. This information must be obtained directly from employees, and can’t be obtained in other ways such as through third parties.
Ultimate Software's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where Ultimate Software's customers have employees. HR Compliance Assist is a service exclusively available to Ultimate Software customers.