Employer/ Employee relations : A GDPR perspective

Employer/employee relations gdpr

Today’s blog provides an overview of the GDPR’s expectations regarding employer/employee relations; specifically in terms of company policies on communication and security.

If you work or have worked in the corporate world then youre no stranger to the fact that in order to protect the organization, most companies have in place internal policies and procedures which speak to communications, internet usage, security access and personal data protection. Meanwhile across the board, more and more companies are utilizing video surveillance for a host of security and protective measures. But do these policies and video surveillance systems comply with the GDPR?

A recent investigation by the Hellenic DPA in regards to the lawfulness of access to and inspection of deleted employee emails as well as the use of surveillance on company premises offers a prime opportunity to delve into some of the GDPR mandates.

The Ηellenic DPA in response to a complaint conducted an investigation regarding the lawfulness of personal data processing on a server of ALLSEAS MARINE S.A., as well as the lawfulness of access to and inspection of deleted emails of a senior manager for whom there was suspicion that he had committed unlawful acts against the companys interests.

According to the EDPB article the Hellenic Data Protection Authority deemed that Allseas Marine S.A had in fact complied with the requirements of the GDPR and that its internal policies and regulations provided for a ban on the use of the companys electronic communications and networks for private purposes, and for the possibility of carrying out internal inspections.  As such, the Hellenic DPA found that the company had a legal right under Articles 5(1) and 6(1)(f) of the GDPR to carry out an internal investigation searching and retreating employees emails.

However as it related to Allseas Marines utilization of a closed-circuit video surveillance system, the DPA determined that the system had been installed and operated illegally. Further, the recorded material submitted to the Authority was considered illegal. The EDPB article further noted that the Hellenic Authority found that the company did not satisfy the employees right of access to his personal data contained in his corporate PC.

As a result of its investigation the Hellenic DPA also determined that the company did not satisfy the employees right of access to his personal data contained in his corporate PC.

In response to these GDPR infringements the Hellenic DPA has therefore mandated Allseas Marine S.A to take several corrective measures in order to comply with the GDPR. Allseas Marine was also fined 15,000.

Has your company examined its employee policies since the 2018 implemented the GDPR? What about a review of your firms video surveillance utilization? Are you GDPR compliant? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing.  We can help your company get on track towards full compliance. Contact us today.

Leave a Comment

(0 Comments)

Your email address will not be published. Required fields are marked *