GDPR and employee privacy in the workplace

TheGDPR has brought a number of changes to protect personal data. How should employers approach their obligations under the GDPR? And when and how can employees be monitored in the workplace? Find out in this article.

6 minutes of reading

What the GDPR brings

TheGDPR, or the new legal framework for data protection, haunts a lot of people, including businesses. The GDPR was created to protect the rights of European Union citizens against unauthorized handling of their personal data, including employees, to the maximum extent possible. In practice, however, it is more about consolidating and deepening the existing regulation. Moreover, the Czech regulation has always been stricter than the EU average, so it is not a revolution. Nevertheless, businesses should be careful, as the new regulation can be abused by competitors to make specific disclosures.

Businesses should first of all focus on adjusting their terms and conditions, they should create at least a basic internal directive on how to handle data, and they should also clearly inform their clients and employees about new rights under the GDPR, such as the right to be forgotten or data portability.

Tip: Whether you own an e-shop or a business, you shouldn’t miss the terms and conditions. We can modify your existing terms and conditions or create them tailored to your business.

On the contrary, it is a myth that it would no longer be possible to send out marketing communications (e.g. in the form of newsletters sent to email) to long laboriously created client databases without new explicit consent under the GDPR and that it is not possible to collect, for example, employees’ birth numbers. In fact, marketing communications can be sent if the entrepreneur has obtained the contact information on the basis of a past order. In this case, however, customers must be able to easily and free of charge opt-out of receiving further marketing communications. Similarly, employees’ birth numbers can also be collected, even without their consent. This is because the employer needs the birth number in order to comply with the reporting obligation to the employee’s health insurance company.

How to handle data under the GDPR

It is important to note that the employer must treat the employees’ personal data as employee property, which it only has on loan for certain, pre-determined and statutory purposes and can therefore only use it for these purposes, such as calculating wages, communicating with the employee or evaluating cooperation (e.g. for the purposes of promotion or termination of employment). The employer must therefore take such measures to prevent unauthorised access to personal data.

Tip: We can help you lay off employees. Validly, permanently and unquestionably. You can resolve everything with us in just two days, conveniently and online.

An unauthorised person is anyone who is not obliged to handle personal data. Thus, personnel files should be kept, for example, in locked cabinets, accessible only to authorised persons. The possibility of accessing their electronic processing must be limited to a small number of employees and all processing of personal data must be logged (a record kept), where processing includes consultation. This is particularly the case for large companies that process hundreds of thousands of personal data (often very sensitive) and yet there is no record of who, out of a possible 25 people, has accessed it.

For smaller employers, again, there may be a problem of data being passed on in a sort of completely informal way. For example, the distribution of pay slips to employees, which is often done in a way where other employees can read each other’s pay and bonuses. However, salary and bonus information is personal information that can be the envy of others.

GDPR audit for businesses

Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.

Is it possible to monitor employees in the workplace?

However, what is even more important for employees than the protection under the GDPR, which is generally rather overestimated, is the fact that the law provides that an employer may not, without a serious reason based on the specific nature of its activities, violate the privacy of an employee, not only in the workplace, but also in public areas. For example, by subjecting the employee to overt or covert surveillance.

Nor is the protection of property automatically a ground justifying surveillance. However, if it is a workplace where, for example, frequent thefts occur or where compliance with a technological procedure needs to be checked, it is possible to monitor certain areas. However, there must be genuinely compelling reasons for doing so. For example, in a chemical plant, security is more important than privacy and the progress of an employee in the laboratory must be monitored. Recording can be used here. However, the same does not apply in an office or gym. In any case, monitoring should definitely not be secret.

If an employee does not agree to monitoring in the workplace, he or she should make his or her objections known to the employer. If the employer does not accept the objections and continues the monitoring, it would be possible to contact the State Labour Inspectorate or the Office for Personal Data Protection. Such unauthorised handling of personal data is punishable by fines of up to hundreds of thousands of euros. Moreover, if an employer has any evidence against an employee taken illegally , it cannot stand up, for example, in a dispute over the validity of an employee’s dismissal “caught” by such a camera.

The employer cannot even look at the emails of its employees, even if they are sent and received with a work address. It can only look at them if there is a suspected breach of work duties. But even in this case, it can only check the subject line of the recipient, not the content. Even if he finds some misconduct in this way, it may not be valid evidence or a defensible reason to dismiss the employee.

There is, however, an interesting case where the European Court of Human Rights dealt with the dismissal of a Romanian employee who was dismissed for enormous private chatting during working hours. He was in charge of customer support and his employer asked him to create an official Yahoo! Messenger account where he was tasked with responding to customer queries. However, the employee used it for personal purposes and not to a very small extent.

The employer later began to suspect that something was wrong, but the employee refused everything in writing. Whereupon the employer then produced a transcript of very personal erotic conversations. On this basis, the employee was given notice of termination, which he then sought to defend against in court. However, he was unsuccessful in this case. The court acknowledged that personal rights had been infringed, but gave priority to the protection of the employer in this case. However, it is important to emphasise the word this time, because this is not always the case.

Employers have the right to control the use of their work resources, but they cannot arbitrarily invade the privacy of their employees. It’s pretty thin ice a court might not always rule in favor of the employer. Particularly in the age of mobile devices, it is virtually impossible to supervise employees not to leave during working hours, which is why even most employers today are moving away from strict prohibitions.

Are you solving a similar problem?

Dostupný advokát team of online lawyers will solve it for you.

GDPR audit for businesses

Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.

Preset Prices
All services pre-priced for no surprises.
We Do Everything Online
Save time, money and the hassle of travel.
We Work Fast
90 % of issues get solved by the following day.
Experienced Team
We have specialists for every field of law.

Has this content helped you? Give it a rating

No rating yet. Be first to rate and help others.

Author of the article

JUDr. Ondřej Preuss, Ph.D.

Ondřej is the attorney who came up with the idea of providing legal services online. He's been earning his living through legal services for more than 10 years. He especially likes to help clients who may have given up hope in solving their legal issues at work, for example with real estate transfers or copyright licenses.

  • Law, Ph.D, Pf UK in Prague
  • Law, L’université Nancy-II, Nancy
  • Law, Master’s degree (Mgr.), Pf UK in Prague
  • International Territorial Studies (Bc.), FSV UK in Prague

Reviews of the Dostupný advokát service

Recenze služby

Ing. Jana Žáčková, Prague

before 4 years

My boyfriend and I had the lease contract for our first apartment checked by Dostupný advokát and were glad to learn about our rights, and all the steps we needed to take.

Recenze služby

Štěpán Mičunek, Vsetín district

before 4 years

I contacted Dostupný advokát because I needed help with a non-payer. Dostupný advokát gave me advice on how to proceed. The dispute became a court issue, where I was represented by Dostupný advokát. I won the court case and I can fully recommend their service.

Recenze služby

Lukáš Řezníček, Prague 6 – Bubeneč

before 4 years

I am giving both the website and service provided my very highest rating. Dostupný advokát found a hidden risk in my contract for the transfer of an apartment, which would have cost me tons of money.

View All Testimonials

You could also be interested in

About us in public media
Logo Česká advokátní komora Logo Advokátní kancelář roku 2023 a 2024
Follow the news
Facebook Dostupný advokát Twitter / X Dostupný advokát