Employee Data Protection in Germany

German Employment Lawyers

Employee Data Protection in Germany

German Employment Lawyers

Advancement in technology and constantly evolving digitalisation impact employment relationships. Employers increasingly rely on the digital recording of relevant data, especially concerning the keeping of personnel files. Employees generally want to be assured that their data protection rights are respected. Similarly, the data processing employer also wants to protect themselves from involvement in a data breach scandal. This is also understandable because of growing and stricter regulations.

At Schlun & Elseven Rechtsanwälte, our lawyers advise employers and employees on all matters relating to data protection in the workplace in Germany. If you require legal assistance in this area, please do not hesitate to contact our law firm directly.

You are here: Home » German Employment Lawyer » Employee Data Protection in Germany

Google Rating | Based on 419 reviews

Employee Data Protection: Legal Advice for Companies

Due to developments in the field of data protection, the German legislature has felt compelled to resolve the conflict between the recording of (sometimes sensitive) personal data and the right to self-determination concerning personal information guaranteed by fundamental rights (Article 2 (1) in conjunction with Article 1 (1) of the Grundgesetz (German Constitution)).

Strict regulations are set to standardise fines and other sanctions for data protection violations (Art. 83 GDPR). The intended protection of the employee, who is probably in a weaker position in this context, should therefore ensure that the employer only collects and processes the employee’s personal data to a limited and controlled extent.

We would be pleased to advise you about implementing data protection regulations. The further development of data protection will not make your current IT infrastructure obsolete but only requires an analysis of whether there is a need for improvement. Our lawyers will analyse how this can be done quickly and efficiently.

In addition, our lawyers will highlight the necessary precautions to avoid data leaks and ensure that data is handled in compliance with the law. This service is essential when collecting and storing employee data and using private devices for work purposes.

An equally vital issue is the control of employee data, as this is only permitted to a limited extent. Internet and telephone records, for example, may only be checked if there is a specific reason for this.

The assessment of our specialised lawyers can provide reliable information in this respect and thus create the legal framework for your measures. In this context, IT technology must also meet legal standards. Furthermore, the special connection between data protection and relevant company, collective or service agreements can also be established with the help of our lawyers’ expertise in employment and labour law and thus be appropriately considered.

Legal Support for Employees with German Data Protection Rules

The central set of rules is the General Data Protection Regulation (GDPR), which applies equally in all EU countries.

In addition, the Federal Data Protection Act (BDSG) also applies in Germany. GDPR, which has been in force since May 2018, partially replaces and supplements the provisions of the Federal Act. This regulation outlines what is allowed when using a person’s personal data under the “data processing principles”.

These data processing principles are listed under Art. 5 GDPR:

  • The legality of the processing: has the data been processed correctly? The data must be processed lawfully, fairly and in a transparent manner concerning the data subject.
  • Legality in the gathering: if the data gathered has been done so in a legal manner.
  • Transparency: is your employer transparent regarding the reason for gathering and processing your data?
  • Minimisation of data collection: has your employer gathered more data than is necessary? Why have they gathered what appears to be additional data? Adequate, relevant and limited to what is required concerning the purposes for which they are processed
  • Accurate: is the data collected by your employer correct and current? The date must be accurate and, where necessary, kept up to date; employers must take every reasonable step to ensure that inaccurate personal data regarding the purposes they are processed are erased or rectified without delay.
  • Correct storage of data: the data must be kept in a form that permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
  • Integrity and Confidentiality: processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organisational measures.

Our lawyers advise on all these matters and more.

Analysis of Data Protection Law and Applying it to Specific Situations

By carefully analysis the GDPR and the Federal Data Protection Act (BDSG), our lawyers ensure that our clients are fully aware of what is expected of them under German data protection law.

Art. 4 GDPR contains the relevant definitions in data protection law according to the regulation. This section must be viewed as the starting point for the application of data protection regulations and consequences. Under this section, the definitions for “data controller”, “data processor”, and “data recipient” are outlined.

Art. 4 GDPR also defines “personal data”. “Personal Data” under the regulation means any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’).

An “identifiable person” can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, a location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Examples of personal data include (a person’s):

  • Name, age, address
  • Date of birth
  • Contact details (telephone number, e-mail address)
  • Identity card number
  • Health data
  • Marital status
  • Religion
  • School Education
  • Work experience

“Processing” under Art. 4 GDPR means any operation or set of operations which