With the blurring of the lines between work and private life, the need for employers to fully understand data protection in the workplace is more important than ever before. Additionally, a much greater number of employers are enacting Bring Your Own Device (BYOD) policies in the workplace as more and more employees wish to use personal technologies at work. Recently I wrote an article highlighting the crucial considerations of a workplace BYOD policy, and with a recent update on data protection the workplace by an independent European Advisory body, it is necessary and beneficial to revisit this issue.
Data protection is a very sensitive issue sweeping the globe at the moment. With the access to information becoming easier and easier, there is even more of a need to protect private data. The most effective way to ensure employers are adhering to data protection laws and are not infringing on the private lives of employees is to know the rules and have policies in place. So, in this post I intend to shed light on the most important points for employers and employees to consider when it comes to data protection in the workplace following the EU working party’s update.
1. Limit Data Collected on Employees
Firstly, and perhaps most importantly, it is vital that employers limit the amount of data they collect on employees. It is not acceptable for employers to sit back and let data on employees collate – businesses should be actively ensuring that they are only in possession of the minimum amount of data they need on each employee. Simply put, employers should only hold data on employees that is absolutely essential.
2. Destroy redundant Data
Following on from the first point, making sure that employee data which is no longer being used is destroyed immediately should be a top priority for an employer. This may take time and administration, however it can be invaluable when it comes to covering employers should there be any litigation battles around data protection in the workplace. In addition, make sure that employees are fully aware of exactly what data on them is held. This kind of transparency makes for a much smoother, open and fair workplace environment and again, helps to avoid any legal complications around data protection.
3. Social Media Accounts are Not Free Data
Whether social media accounts are public or private, employee data present on their profiles must not be considered data that can be processed by employers. Importantly, employers cannot demand an employee to provide access to their social media profiles, unless of course there they have legal grounds to do so.
Granted, there is also a degree of responsibility on employees to limit the amount of personal data they put onto a public social media account, not for fear that it may be processed by an employer, but simply due to the fact that information is visible to all – not just your employer. Be careful what you post, be diligent in your choice of words online and make sure the information you do have online is kept behind well encrypted passwords.
4. Employers Owning Electronics Doesn’t Grant Right To Own All Data
Often an employer will provide electronics rather than have a BYOD policy in place. There are many benefits to this – from having homogenised electronics across a business to allowing for a clearer divide between work and personal related data. However, it is crucial that employers bear in mind that just because a device is supplied by the business, doesn’t mean all of the data stored on it belongs to the company.
In short, an employee’s personal data is an employee’s personal data, regardless of what device it’s stored on. This principle is fundamental when it comes to upholding employee rights and making sure that employers are not breaching employee rights to privacy. Finally, employees should always shield private communication from work related monitoring to minimise the potential for an employer to be encroaching on their private lives.
5. Include a Policy on Personal Communications
When drawing up policies on data protection in the workplace, be sure to include guidelines on personal communication. This is as important for the employer that provides electronics as it is for a business operating a BYOD policy.
It is, of course, unrealistic in this day and age not to allow personal communications in the workplace. In fact, the EU working party argue that a blanket ban on communication for personal reasons is “impractical and enforcement may require a level of monitoring that may be disproportionate.” Nonetheless, employers need to ensure that employees know the rules and employees must be sure not abuse the system in place.
Ultimately, failing to understand the intricacies of data protection in the workplace leaves an employer vulnerable to litigation and an employee at risk of an invasion of privacy. In a nutshell, both companies and employees must make sure they keep on top of the ever-changing regulations with regard to data protection - it’s no longer a choice, it’s a necessity.
For more helpful HR tips and advice, CLICK HERE to sign up to our newsletter.
Data protection is a very sensitive issue sweeping the globe at the moment. With the access to information becoming easier and easier, there is even more of a need to protect private data. The most effective way to ensure employers are adhering to data protection laws and are not infringing on the private lives of employees is to know the rules and have policies in place. So, in this post I intend to shed light on the most important points for employers and employees to consider when it comes to data protection in the workplace following the EU working party’s update.
1. Limit Data Collected on Employees
Firstly, and perhaps most importantly, it is vital that employers limit the amount of data they collect on employees. It is not acceptable for employers to sit back and let data on employees collate – businesses should be actively ensuring that they are only in possession of the minimum amount of data they need on each employee. Simply put, employers should only hold data on employees that is absolutely essential.
2. Destroy redundant Data
Following on from the first point, making sure that employee data which is no longer being used is destroyed immediately should be a top priority for an employer. This may take time and administration, however it can be invaluable when it comes to covering employers should there be any litigation battles around data protection in the workplace. In addition, make sure that employees are fully aware of exactly what data on them is held. This kind of transparency makes for a much smoother, open and fair workplace environment and again, helps to avoid any legal complications around data protection.
3. Social Media Accounts are Not Free Data
Whether social media accounts are public or private, employee data present on their profiles must not be considered data that can be processed by employers. Importantly, employers cannot demand an employee to provide access to their social media profiles, unless of course there they have legal grounds to do so.
Granted, there is also a degree of responsibility on employees to limit the amount of personal data they put onto a public social media account, not for fear that it may be processed by an employer, but simply due to the fact that information is visible to all – not just your employer. Be careful what you post, be diligent in your choice of words online and make sure the information you do have online is kept behind well encrypted passwords.
4. Employers Owning Electronics Doesn’t Grant Right To Own All Data
Often an employer will provide electronics rather than have a BYOD policy in place. There are many benefits to this – from having homogenised electronics across a business to allowing for a clearer divide between work and personal related data. However, it is crucial that employers bear in mind that just because a device is supplied by the business, doesn’t mean all of the data stored on it belongs to the company.
In short, an employee’s personal data is an employee’s personal data, regardless of what device it’s stored on. This principle is fundamental when it comes to upholding employee rights and making sure that employers are not breaching employee rights to privacy. Finally, employees should always shield private communication from work related monitoring to minimise the potential for an employer to be encroaching on their private lives.
5. Include a Policy on Personal Communications
When drawing up policies on data protection in the workplace, be sure to include guidelines on personal communication. This is as important for the employer that provides electronics as it is for a business operating a BYOD policy.
It is, of course, unrealistic in this day and age not to allow personal communications in the workplace. In fact, the EU working party argue that a blanket ban on communication for personal reasons is “impractical and enforcement may require a level of monitoring that may be disproportionate.” Nonetheless, employers need to ensure that employees know the rules and employees must be sure not abuse the system in place.
Ultimately, failing to understand the intricacies of data protection in the workplace leaves an employer vulnerable to litigation and an employee at risk of an invasion of privacy. In a nutshell, both companies and employees must make sure they keep on top of the ever-changing regulations with regard to data protection - it’s no longer a choice, it’s a necessity.
For more helpful HR tips and advice, CLICK HERE to sign up to our newsletter.
RSS Feed