GDPR and employee privacy in the workplace

JUDr. Ondřej Preuss, Ph.D.
23. 11. 2023
6 minutes of reading
6 minutes of reading
Labour law

TheGDPR has brought a number of changes to protect personal data. How should employers approach their obligations under the GDPR? And when and how can employees be monitored in the workplace? Find out in this article.

What the GDPR brings

TheGDPR, or the new legal framework for data protection, haunts a lot of people, including businesses. The GDPR was created to protect the rights of European Union citizens against unauthorized handling of their personal data, including employees, to the maximum extent possible. In practice, however, it is more about consolidating and deepening the existing regulation. Moreover, the Czech regulation has always been stricter than the EU average, so it is not a revolution. Nevertheless, businesses should be careful, as the new regulation can be abused by competitors to make specific disclosures.

Businesses should first of all focus on adjusting their terms and conditions, they should create at least a basic internal directive on how to handle data, and they should also clearly inform their clients and employees about new rights under the GDPR, such as the right to be forgotten or data portability.

Tip: Whether you own an e-shop or a business, you shouldn’t miss the terms and conditions. We can modify your existing terms and conditions or create them tailored to your business.

On the contrary, it is a myth that it would no longer be possible to send out marketing communications (e.g. in the form of newsletters sent to email) to long laboriously created client databases without new explicit consent under the GDPR and that it is not possible to collect, for example, employees’ birth numbers. In fact, marketing communications can be sent if the entrepreneur has obtained the contact information on the basis of a past order. In this case, however, customers must be able to easily and free of charge opt-out of receiving further marketing communications. Similarly, employees’ birth numbers can also be collected, even without their consent. This is because the employer needs the birth number in order to comply with the reporting obligation to the employee’s health insurance company.

How to handle data under the GDPR

It is important to note that the employer must treat the employees’ personal data as employee property, which it only has on loan for certain, pre-determined and statutory purposes and can therefore only use it for these purposes, such as calculating wages, communicating with the employee or evaluating cooperation (e.g. for the purposes of promotion or termination of employment). The employer must therefore take such measures to prevent unauthorised access to personal data.

Tip: We can help you lay off employees. Validly, permanently and unquestionably. You can resolve everything with us in just two days, conveniently and online.

An unauthorised person is anyone who is not obliged to handle personal data. Thus, personnel files should be kept, for example, in locked cabinets, accessible only to authorised persons. The possibility of accessing their electronic processing must be limited to a small number of employees and all processing of personal data must be logged (a record kept), where processing includes consultation. This is particularly the case for large companies that process hundreds of thousands of personal data (often very sensitive) and yet there is no record of who, out of a possible 25 people, has accessed it.

For smaller employers, again, there may be a problem of data being passed on in a sort of completely informal way. For example, the distribution of pay slips to employees, which is often done in a way where other employees can read each other’s pay and bonuses. However, salary and bonus information is personal information that can be the envy of others.

GDPR audit for businesses

Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.

Is it possible to monitor employees in the workplace?

However, what is even more important for employees than the protection under the GDPR, which is generally rather overestimated, is the fact that the law provides that an employer may not, without a serious reason based on the specific nature of its activities, violate the privacy of an employee, not only in the workplace, but also in public areas. For example, by subjecting the employee to overt or covert surveillance.

Nor is the protection of property automatically a ground justifying surveillance. However, if it is a workplace where, for example, frequent thefts occur or where compliance with a technological procedure needs to be checked, it is possible to monitor certain areas. However, there must be genuinely compelling reasons for doing so. For example, in a chemical plant, security is more important than privacy and the progress of an employee in the laboratory must be monitored. Recording can be used here. However, the same does not apply in an office or gym. In any case, monitoring should definitely not be secret.

If an employee does not agree to monitoring in the workplace, he or she should make his or her objections known to the employer. If the employer does not accept the objections and continues the monitoring, it would be possible to contact the State Labour Inspectorate or the Office for Personal Data Protection. Such unauthorised handling of personal data is punishable by fines of up to hundreds of thousands of euros. Moreover, if an employer has any evidence against an employee taken illegally , it cannot stand up, for example, in a dispute over the validity of an employee’s dismissal “caught” by such a camera.

The employer cannot even look at the emails of its employees, even if they are sent and received with a work address. It can only look at them if there is a suspected breach of work duties. But even in this case, it can only check the subject line of the recipient, not the content. Even if he finds some misconduct in this way, it may not be valid evidence or a defensible reason to dismiss the employee.

There is, however, an interesting case where the European Court of Human Rights dealt with the dismissal of a Romanian employee who was dismissed for enormous private chatting during working hours. He was in charge of customer support and his employer asked him to create an official Yahoo! Messenger account where he was tasked with responding to customer queries. However, the employee used it for personal purposes and not to a very small extent.

The employer later began to suspect that something was wrong, but the employee refused everything in writing. Whereupon the employer then produced a transcript of very personal erotic conversations. On this basis, the employee was given notice of termination, which he then sought to defend against in court. However, he was unsuccessful in this case. The court acknowledged that personal rights had been infringed, but gave priority to the protection of the employer in this case. However, it is important to emphasise the word this time, because this is not always the case.

Employers have the right to control the use of their work resources, but they cannot arbitrarily invade the privacy of their employees. It’s pretty thin ice a court might not always rule in favor of the employer. Particularly in the age of mobile devices, it is virtually impossible to supervise employees not to leave during working hours, which is why even most employers today are moving away from strict prohibitions.

Are you solving a similar problem?

Dostupný advokát team of online lawyers will solve it for you.

GDPR audit for businesses

Our GDPR audit for entrepreneurs will reliably prepare you for everything that the Data Protection Regulation brings. We guarantee that you will be able to find the right solution according to the current legislation. We’ll get everything done quickly and so that you don’t have to worry about a thing. You can pay only after the service has been provided.

Preset Prices
When you order, you know what you will get and how much it will cost.
Online and in person
We handle everything online or in person at one of our 4 offices.
We Work Fast
We handle 8 out of 10 requests within 2 working days.
Experienced Team
We have specialists for every field of law.

Has this content helped you? Give it a rating

No rating yet. Be first to rate and help others.

Author of the article

JUDr. Ondřej Preuss, Ph.D.

Ondřej is the attorney who came up with the idea of providing legal services online. He's been earning his living through legal services for more than 10 years. He especially likes to help clients who may have given up hope in solving their legal issues at work, for example with real estate transfers or copyright licenses.

Education
  • Law, Ph.D, Pf UK in Prague
  • Law, L’université Nancy-II, Nancy
  • Law, Master’s degree (Mgr.), Pf UK in Prague
  • International Territorial Studies (Bc.), FSV UK in Prague

Reviews of the Dostupný advokát service

Recenze služby
reviews on Google

Monika Holcátová, Prague

Your reputation is well deserved. All our contracts were done quickly and accurately. In addition, Dostupný advokát explained the legal regulations for our property easement, which I found critical to our success because as a layman I had no idea what problems that could cause us. I have no suggestions for improving your service, because I am completely satisfied.

Recenze služby
Economist

Jan Sekanina, Prague

My grandparents wanted to give me an apartment, but I was extremely busy at the time and couldn’t afford to put any time into finding out what I needed to do. I also had no idea how to get the transfer of ownership handled at the Land Registry. Dostupný advokát arranged everything for me, and the apartment transfer was legally arranged with no issues. Thank you and thumbs up!

Recenze služby
Vrátný & Čáp s.r.o.

Jan Vrátný, Veselí nad Lužnicí

I work as a self-employed craftsman and I know my field very well. Unexpected events happen, however, and I sometimes have to deal with problems where I need quality legal advice. I don’t like calling legal offices, getting sucked into discussions with terms I don’t understand. Dostupnyadvokat.cz is different. My first time, they replied immediately and together we created a contract custom tailored to my exact needs. I continue to be very happy with both their work and their price.

View All Testimonials

You could also be interested in

We can also solve your legal problem

In person and online. Just choose the appropriate service or opt for an independent consultation when you are unsure.

Google reviews
4.9
Facebook reviews
5.0
5 200+ people follow our Facebook
140+ people follow our X account (Twitter)
140+ people follow our LinkedIn
 
We can discuss your problem online and in person

You can find us in 4 regional towns

Quick contacts

+420 775 420 436
(Mo–Fri: 8–18)
We regularly comment on events and news for the media