The General Data Protection Regulation Changes the Game for Employers 

Developers of Work Examiner software, which is one of the leading employee monitoring products on the market, have released an instruction sheet for computer tracking app users in connection with the oncoming GDPR entering into force. The sheet covers the main challenges set forth by the GDPR introduction and steps employers should undertake to keep with new rules and to use employee monitoring software legally.

What is the GDPR?

The General Data Protection Regulation puts into effect new rules on personal data processing in Europe for both local and international IT markets. This regulation will become effective from May 25, 2018 and have direct application in all 28 EU countries, while replacing the framework Directive, applicable from 1995. One of important things about the GDPR is that it has extraterritorial operation, so it addresses any company, whether European-based or not, as well as any person, regardless of his or her residence, gathering personal information from EU residents and citizens. 

This means that an employer, who collects employees’ data and manages them, falls into a category of so called controllers, having legal responsibility for the data protection in line with the new regulation. Should he fail to satisfy the requirements, the employer faces the risk of receiving fines, reaching 4% of company’s yearly income and up to €20 million.  

What Do Employers Need to Undertake?

Computer Monitoring Software collects, process, saves, stores and delivers staffers’ personal information, since it tracks their online activity and the use of applications, which can be identified by usernames, ID numbers or other attributes – and that is exactly the thing covered by the regulatory act. Thus, each employer, accumulating personal information from his manpower located in Europe, should:

  • Inform the staff members about their data being collected. The statutory act requires making company’s policy on the collection transparent, as well as providing complete information on the purposes, methods and volumes of processing.
  • Explain the reasons for gathering this information. According to the act, the processing is allowed only for specified and legitimate purposes, and the fulfillment of a contract is one of them. Since computers at workplaces are considered to be work equipment, employers have the right to monitor how they are used, and to take measures for monitoring labor discipline at the workplace. The employees have to understand that their data is gathered only within the workflow and only to the extent required.
  • Get written permission on the data processing. This paper will confirm that the staff members understand the company’s policy on the issue and accept it. Make sure the policy is clearly stated, while employees’ consent is expressed in the form of a clear approval. Note that the staff members can withdraw the consent at any time.  
  • Follow the act as to providing the employees with access to the personal information accumulated. The staff members can also require to delete the data and the employer must erase all the information stored, whether on a cloud storage, computer or server. 
  • Provide adequate data protection. Do not share personal information with third parties, unless this is required by law, and ensure the highest possible level of protection by at least using corresponding privacy settings.

For more information about the deployment of employee monitoring software in the GDPR environment you can visit the official website.