GDPR Related National Laws & Modifications
The European Union’s General Data Protection Regulation (GDPR) sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:
- provide “specific rules to ensure the protection of…employees’ personal data in the employment context” (Art. 88);
- limit the transfer of “specific categories of personal data to a third country or international organization” if the country (or international organization) is deemed not to have adequate protections in place (Art. 49, (5)); and,
- “determine the specific conditions for the processing of a national identification number or any other identifier of general application” (Art. 87).
Derogations in the Netherlands
The Dutch GDPR Implementation Act (UAVG) does not contain any derogations specific to employee data privacy. Under the Act, there are some exceptions to the prohibition on processing data concerning health (UAVG, Art. 30) and processing data that’s of a criminal nature (UAVG, Art. 32).
Employers should also be aware of works council approval requirements. Works council approval is necessary for employers to adopt, amend or revoke regulations concerning the processing and protection of employee personal data (Works Councils Act, Sec. 27 sub 1(k)).