Re: GDPR employee consent templates

nicktruman · ‎02-07-2018

Hi All
Does anyone know where i might find some consent templates suitable for notifying staff of their rights under GDPR, and the company's requirements to store and process their data for normal business processes? i.e. paying them, next of kin, sick leave etc..

there must be some stock templates somewhere.

Thanks in advance

Nick

flyingboy · ‎02-07-2018

As much as we are aware that GDPR regulates employee data, we need also to take into the account of respective local labour laws.

skyflier21 · ‎02-09-2018

Hi,

I would not look at using consent for processing employee information. This may not work due to the employee to employer relationship which would be difficult to show freely given.

it is important that the employee is aware of the exact processing of the information using a privacy notice that gives transparency on the processing.

it would be better to use other reasons for processing such as legal obligation due to employment law and business interests that do not effect the rights of the individuals.

hope this helps.

Elux-Lucis · ‎02-12-2018

I agree with skyflier21 here. The most likely reason to me is in carrying out obligations of a contract (the employment contract between the organisation and the employee).

As with all such things, seek the advice of a lawyer qualified in such things; the thought above are my own and in no way represent the thoughts of my organisation or constitute legal advice...etc.

CharlesK · ‎02-14-2018

You need employees to understand how GDPR impacts upon them and the organisation. Part of the collection of their PI includes the items you mention. As long as they understand this there should be no issues. There may be local/regional/national laws or regulations that require the collection of such information. These supercede GDPR, but they do not change any of the requirements for protection, access, etc.

TS · ‎05-18-2018

I agree. Depending on the business we use performance of a contract and also legitimate interests. For sensitive personal data there is an employment law lawful basis too.

oms · ‎05-20-2018

Dear Nicktruman,

I had this dicussion a couple of weeks ago with our DPO. We decided against it. This for two reasons:

A formalized information to employees about processing their PII is sufficient (Germany)

One essential component of such a consent would be that the subject signed it by choice. If a company now wants their employees to sign a consent about their PII, this could very easily get a "bad taste" from a labour law perspective (because what would be the other choice for an employee) and could therefore lead to a contract null and void. I can tell only within the german legal system but hope this information is usefull to you.

Kind regards,

oms

P.S.: We decided for a information letter to all employees and had them confirm that they received the information.

Simes2112 · ‎05-29-2018

Nick, did you find any templates in the end? Cheers, Simon

nicktruman · ‎05-29-2018

Hi Simon

Sadly no, we used an external law firm and created them from scratch. Tomorrow we get them translated into French, German and Greek and communicate..

nicktruman · ‎05-29-2018

I should add we had a 5 page template which was deemed too vague.. the current option is much more detailed listing all the processes employee data might be subject to (CCTV, Access control, tax, web proxy, AV etc..)