The European Union’s General Data Protection Regulation (GDPR) sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:
The Dutch GDPR Implementation Act (UAVG) does not contain any derogations specific to employee data privacy. Under the Act, there are some exceptions to the prohibition on processing data concerning health (UAVG, Art. 30) and processing data that’s of a criminal nature (UAVG, Art. 32).
Employers should also be aware of works council approval requirements. Works council approval is necessary for employers to adopt, amend or revoke regulations concerning the processing and protection of employee personal data (Works Councils Act, Sec. 27 sub 1(k)).