Data Protection in employment relationships An overview of applicable laws in SE Europe
Authors:
- GREECE: Viktoria Chatzara | Junior Partner, Sotiria Bouranta | Associate
- ALBANIA – Blerta Topore | Legal Assistant
- SERBIA (BiH)- Monja Novakovic, Vesna Tripkovic | Associates
- CZECH REPUBLIC – Dr Athanasios Pantazopoulos | Managing Partner
- ROMANIA – Roxana Tureac – Radu | Partner
- BULGARIA – Apostolos Christakoudis | Senior Associate
The employment field is one of the main sectors where data protection issues arise. The special circumstances of the employer – employee relationship, particularly the dependence and the imbalance of power between the parties involved need to be taken into account when implementing the general data protection law principles. We provide herein below an outline of the main law and regulatory positions taken across SE European jurisdictions in relation to data protection in employment relationships.
Greece
Greek Law 4624/2019, implementing certain GDPR provisions avails of the option provided by the GDPR (article 88 par. 1) to regulate in more detail specific processing cases, such as the processing of data in the context of employment. Art. 27 thereof, also taking into account the labor law principle imposing on the employer a general obligation to protect its employees, provides that employers may process the personal data of (existing or previous) employees and candidates, provided that it is absolutely necessary: (a) in order to decide whether to conclude an employment agreement; or (b) in order to execute such employment agreement after its conclusion.
Special categories of personal data may be processed only if necessary to exercise rights/ fulfil obligations deriving from labor law, social security and social protection law, and provided the data subject’s legitimate rights concerning the processing are not overriding. Consent may only exceptionally serve as an appropriate legal basis for the employee’s data processing (following settled case-law of the Hellenic Data Protection Authority – HDPA), provided it is assessed as freely given.
In relation to CCTV systems in employment spaces, their use is permitted only if necessary for the protection of people and goods, and with explicit relevant information to the employees, while the personal data collected from such systems cannot be used for the evaluation of performance of employees.
In the context and for the purposes of teleworking, the HDPA has issued additional Guidelines, providing for additional measures employers shall take to ensure the protection of employee personal data during teleworking, as well as compliance with applicable data protection law.
https://www.lexology.com/library/detail.aspx?g=5b1c7b00-a191-4bca-9a15-54ca0a504166