Why is the consent so important when it comes to employees’ personal data? What is its role beyond being a basic rule in data processing and being able to ensure the use of special categories of personal data?
Data processing based on the consent according to the GDPR requirements means providing the employees with the power to truly choose, having long-term control over how you use the data you have obtained permission for, and at the same time make sure your organisation is transparent and accountable.
Please find out the novelties brought by the GDPR regarding the employees’ consent and particularly which are the main changes that you need to apply in order to align yourself with the new requirements.
What does GDPR bring about in terms of consent?
Having a clear procedure for getting employees’ consent helps you establish a trust based employee-employer relationship. Otherwise, relying on invalid consent could destroy the quality of your relationships, your reputation as an employer, and could bring you fines of substantial value.
The GDPR establishes high standards for consent, and you need to know how to apply it in practice for your mechanisms in order to get it from your employees.
So, you need to revise the mechanisms used to get the consent at present and identify the changes needed to meet the GDPR requirements.
Changes in the HR department mechanisms in obtaining the consent
Getting a valid consent for personal data processing is more difficult as an employer because there is an imbalance of power in the employer-employee relationship. With the GDPR requirements, you’ll need to change the mechanism by which you get this consent from your company’s employees. Here are the key points:
The requests for consent must be separated from other terms and conditions. The consent must not be a precondition for signing a contract or service unless it is absolutely necessary.
Pre-ticked opt-in boxes are invalid, so active options are needed to choose.
As an employer, you must provide with granular options for consent for different types of processing.
You need to name the persons or even third parties who will rely on the consent received.
You will need to keep records to demonstrate that you have received the individual consent, including details of what your employees have been told and how they have given their consent.
Easy to withdraw
You need to communicate to your employees about their right to withdraw their consent, so you need to create simple and effective mechanisms to achieve this goal.
The consent is not given freely if there is an imbalance between you and your employees, so you must always have an alternative legislative basis to motivate your need to process certain data.
Of course, the employer’s consent to the processing of personal data is only part of the GDPR’s novelties. The mechanisms for obtaining consent must be seen in direct connection with other principles of legal data processing.
In complying with GDPR requirements, software technology plays an essential role and makes alignment much easier to meet the new requirements.
A Sincron HR Software type solution will be moulded according to your own domestic policies, it will help you make public and explicit your policy of terms and conditions, it will help you get and manage the required granular level consents and implement your own policies derived from every right of the candidates and employees – such as data erasure policy and respect for the right to be forgotten, access to logs and information traceability, or data migration policy, and not only – all of which having particular functionalities.”
Learn how an HR software can help you legally and safely manage the personal data of your employees and applicants.
GET A FREE HR SOFTWARE DEMO!
The website eu.sincronhr.com uses its own cookies and third-party cookies to provide visitors with a better online browsing experience and services tailored to the needs and interests of everyone.
In this notice, you'll find details about what cookies are, how we use them, the types of cookies that can be placed by visiting our site, and how you can manage, delete or reject them.
What is a cookie? An "Internet Cookie" (also known as "cookie browser" or "HTTP cookie" or simply "cookie") is a small file of letters and numbers that is stored on your computer, mobile terminal or other equipment of a user on which the Internet is accessed. The cookie is installed through a web browser (eg Internet Explorer, Chrome, Mozilla Firefox) and is completely "passive" (it does not contain software, viruses or spyware and can not access the information on the user’s hard drive).
Cookies themselves do not require personal information to be used and, in most cases, do not personally identify Internet users.
On this website, depending on their purpose, we use the following types of cookies:
Functional or preferences cookies - allow a site to retain information about the changes you make on how the website behaves or shows, such as your preferred language or region. These cookies are not essential to the use of the website. However, without them, certain functionalities may become unavailable.
Analytical or site performance cookies - collect information to statistically analyze how the site works. These cookies help us: understand how our site is being used, how effective our marketing campaigns are and how to personalize the site to improve your experience.
Analytical cookies may include advertisements on third-party websites. These cookies allow us to monitor and improve the functioning of our website.
Advertising cookies - these cookies can be set by us or by third parties, being used to show you more relevant advertising messages. For example, they prevent the same ad from reappearing continuously, ensuring the correct display of advertising messages and, in some cases, enabling advertising to be served according to your interests.
For more information, click here