Employee data protection
Handling of Employee data in employment
The COVID-19 pandemic has revealed the demand for, and the opportunities of, the digital workspace. While companies mostly focus on data protection law related to their customers, the importance of data protection within the company and the legitimate handling of the employees’ personal data has grown. Data protection laws will only be entirely complied with if companies also consider and carefully implement both employee data protection and security requirements.
The COVID-19 pandemic has affected many companies globally by accelerating the move to a digital workspace and the exchange of data. Apart from the data protection interests of the company, employees are interested in having their personal data protected from unauthorized access and usage in accordance with statutory provisions and regulations. The constantly rising importance of digital correspondence and the digitalization of workflows necessarily leads to dealing with employee data protection issues.
Challenge of Employee Data Protection
Besides the general obligation to ensure appropriate data protection, companies are in particular obliged to protect the personal data and sensitive information of their employees and to handle said data in a responsible manner. In this regard, companies quite often have to cope with the following challenges:
- handling of applicant data;
- collection of employee data;
- requirements of (group-wide) employee data storage and transfer;
- evaluation of employee data in terms of performance and conduct monitoring;
- legal notification duties vis-à-vis employees;
- participation of the works council related to employee data protection matters.
A digitalized working environment is based on, and relies on, processing employee data. In this context, the protection of the employees’ privacy is important not only as regards digitalized work and workflows but also with a view to possible control and surveillance tools in the employees’ working environment. Simultaneously, data protection law guarantees that personal employee data may only be used to a legally permissible extent. Having said that, from an employee’s perspective the following aspects are most relevant:
- extent of the duty to provide personal data;
- purpose of employee data collection and processing;
- extent of employee data usage and processing in terms of performance and conduct monitoring;
- extent of the right of access and information.
Moreover, legislation has granted numerous rights and duties to the works council. In this regard, the works council’s obligation to protect the general right of privacy of each employee is of high importance. Thus, the works council also needs to ensure the applicability of appropriate employee data protection within the company. In addition, according to the General Data Protection Regulation (GDPR), agreements between the company and the works council may serve as a legal basis for the processing of employee data. Therefore, the following questions often arise from a works council’s perspective:
- tasks and duties of the works council with regard to the protection of the employees’ personal data;
- extent of the works council's rights to information, consultation and co-determination;
- shop agreements as a legally permissible basis for the processing of personal data.
However, the good news is that there is a solution for companies, even when taking the interests of your employees and the works council into account. We support our clients on the path to compliance with the aspects and regulations to be observed under employee data protection law. In doing so, we make use of the flexibility provided by data protection law, but at the same time take into account the individual risk profile, which is influenced by a multitude of parameters. The focus of our work is the shaping of internal company processes for handling personal employee data in compliance with all applicable employee data protection provisions, including the corresponding documentation pertaining to employee data protection, while at the same time taking all aspects relevant to data security into account.
For clients who would like to fully focus on their core business, we offer our Privacy Manager by Deloitte, an innovative technology-supported service that assists companies, completely digitally, in organizing and managing all data protection law challenges.
We help you to implement standardized processes with regard to feared or possibly already committed infringements of employee data protection rules. In doing so, we bundle our (employee) data protection and data compliance expertise with the experience gained from sanction-relevant incidents and thus contribute to an appropriate solution whilst aiming at achieving a minimum of potential sanctions.
Best Positioned for You
As legal advisors, we work together with Deloitte's technology and process experts on various interdisciplinary projects and therefore have the appropriate experience to deliver holistic solutions even for complex legal issues.
Deloitte Legal combines professional expertise and experience in the area of law, tax, management consulting and IT consulting with global resources to provide cross-border interdisciplinary advice. Our team of highly specialized lawyers provides comprehensive and high-quality advice on data protection and data security.
Are you interested? Please feel free to contact us! We will be happy to provide you with a detailed overview of our employee data protection and security solutions upon your kind request.