In the professional field, it is common to handle private information. However, the protection of personal data is a fundamental right of employees, which is regulated in the General Data Protection Regulation and the Organic Law on Data Protection. To clear up any doubts and facilitate compliance with the regulations, the Spanish Data Protection Agency has developed a practical guide on the matter. Below, we summarize its key points.
Data Protection in Labor Relations
The processing of personal information in the workplace is primarily based on the execution of the employment contract.. Thus, it is lawful to process essential data for formalizing the contract and performing the work, or to fulfill the legal obligations arising from it, such as the payment of contributions and taxes. In other cases, the consent of each individual will be required. Furthermore, the employee must be clearly and concisely informed about the processing of their information and their rights regarding it. The company is also subject to the duty of confidentiality and professional secrecy, even after the employment relationship ends.
Staff Selection
During the recruitment process, it is not allowed to request sensitive personal data (such as family status, ideology, or religious beliefs) or to use the contact details provided for advertising purposes.. It is also not lawful to investigate the social media profiles of candidates, unless they are strictly professional public profiles.
Work Activity Monitoring
The data obtained through time tracking systems must be the minimum necessary and used solely to verify compliance with working hours. The geolocation is limited to cases where it is strictly necessary for the job (such as in the transportation of goods) and/or when the company agrees to it with the employees.
Regarding video surveillanceit cannot be applied in private areas or rest areas, the images must be deleted after 30 days, and sounds can only be recorded if there is a significant risk. The biometric devices for access control, on the other hand, are allowed as long as there is no less invasive and equally effective alternative, and a prior impact assessment is conducted.
In all cases, employees must be informed about the system used and its characteristics.
Union and workers’ representation
The union can only access the essential data necessary to carry out representation and negotiation taskssuch as name, position, seniority, or corporate email. Additionally, the corresponding notice board must be protected from third parties outside the company and cannot include personal information.
Health Surveillance
Medical examinations by the company are only mandatory to determine if the person is fit for the job, to check the effects of the job on their health or in the case of particularly hazardous activities. The company will not be able to know the specific medical diagnosis nor monitor the health status through wearable smart devices.
At Grupo SPEC, we develop our solutions with data protection in labor relations in mind. If you need more information, contact our customer service team.
