Data Protection for the Works Council
Internationally active corporations often introduce new IT software and systems to meet increasing security expectations, to make their work more efficient, or simply to keep pace with technological demand.
There are almost no limits to the functionalities of such systems. In the past we have frequently accompanied and observed the introduction of Proofpoint, DLP, MobileIron, Office365 and many more.
Introducing new IT systems also requires an appropriate IT infrastructure, which must meet the requirements of the GDPR and employee data protection law. By drafting works agreements, businesses can ensure that their IT infrastructure meets these demands while remaining compliant with employee data protection law.
Works agreement, before new IT systems
Negotiating a works agreement before implementing new IT systems is often seen as an additional, time-consuming hurdle. But truly, it has two core functions that are indispensable for employee data protection. On the one hand, works agreements are the regulatory instrument with which the works council can assert its co-determination rights. In addition, they are also a very important creative means of balancing conflicts of interest under data protection law, because works agreements are regarded as a reliable basis for the collection, processing and use of employees’ personal data.
For companies and organisations, works agreements provide a means to ensure compliance with data protection laws and also to protect the company from possible legal risks. Furthermore, with a works agreement in place, employees are guaranteed that their personal data is collected, used and processed within the limits of the law and according to pre-agreed rules. This provides an important sense of security to employees and can significantly increase trust in the organisation.
Simultaneous documentation of compliance
Works agreements should also be used to document your compliance with data protection standards, such as: ensuring secure access to personal data, setting out the right of employees to know what data is being collected about them and how it will be used, defining the purpose for which their personal data may be collected and processed, setting limits on the amount of personal data that can be collected, establishing a procedure for correcting inaccurate information and making sure that personal data is kept up-to-date.
Do you need an External Data Protection Officer?
Five steps to full service compliance:
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct a data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
Document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as external data protection officer and ongoing consultation starting from day 1.
General IT framework agreements
In order to deal with IT systems in a practical and up-to-date manner, many companies have basic rules laid down in so-called IT framework agreements. This allows for a smooth deployment of new systems by building on existing environments. A conflict between employee and employer interests can arise, however, when employees feel that they are being monitored by their employers. In this case, the works council’s co-determination right under Section 87 (1) No. 6 of the BetrVG labor law must be observed. This law states that the co-determination right exists for the “introduction and use of technical equipment intended to monitor the behavior or performance of employees.”
In practice, this means that any new system that could theoretically allow for employee data to be recorded, logged, or otherwise processed must be discussed with the relevant works council before it is introduced. Examples of such systems include time recording systems, email encryption systems, and IT security systems. In each case, the works council must be involved in the introduction process.
Our service to you
How our legal experts help clients involved in works councils
The handling of employee data should always be communicated transparently and openly. As a rule, a works agreement should be accompanied by information to employees about the introduction of the new technology.
Our experience covers both the preparatory consultations for a works agreement and the negotiations themselves. We are happy to assist you until the agreement comes into force, whether as support for the employer or the works council, or as a neutral person with expertise in data protection law who helps both parties reach a proper agreement.
We are committed to finding a pragmatic solution to the aforementioned conflict of interests by attempting to make the advantages of a system comprehensible and, at the same time, to set the legally necessary limits without indulging too much in the discussion of individual terminology.
You're not introducing new IT systems or software?
Even if you don’t want to introduce any new systems, it’s always a good idea to review your existing company agreements. With the GDPR coming into effect, there are new legal bases and obligations for employee data protection. In particular, you must make sure that the information obligations pursuant to Art. 13 and 14 of the GDPR are complied with. To avoid renegotiating existing works agreements which could be disadvantageous, we advise concluding a framework works agreement on data protection which supplements or replaces the regulations governing all existing works agreements.
Does your works council need advice on GDPR laws and employee data protection?
When it comes to employee data and you need reliable data protection advice and solutions, our team of experienced lawyers and data protection experts can help. We’ll work with your works council to create a personalized plan that works for the needs of your new IT systems and the rights of your employees.
Don’t hesitate to get in touch today! With us, your data protection is in safe, experienced hands.
Find out more about our individual services
Our Lawyers act as External Data Protection Officers (DPO) for small and medium-sized companies, associations, institutions and international corporations.
Working alongside a DPO, our Data Protection Managers help to implement data protection guidelines and ensure orderly and up-to-date documentation of your GDPR compliance.
Regular data protection audits ensure that your business continues to process and store personal data in a manner that’s compliant with ever-changing data protection laws.