Chapter 18

GDPR and the Workplace


Bullet Reviewing lawful grounds of processing for employee data

Bullet Tailoring a Privacy Policy to your workforce

Bullet Handling subject access requests from workers

Bullet Exploring appropriate (and inappropriate) ways to monitor the workplace

If you have people working for you in your organization — whether they’re full-time or part-time employees, agency workers, volunteers, apprentices, interns, or hired on contract, such as freelancers or associates — you'll hold lots of personal data about them, for various purposes. These purposes include — but aren’t limited to — paying salaries, paying taxes, providing benefits, offering training, monitoring performance, and storing sickness and disability records.

A lot of the personal data you’ll process for employees is special-category data, previously known as sensitive data, which requires additional protection because it relates to matters where people have been negatively targeted, for example, or discriminated against (as discussed in Chapter 3).

In addition to the GDPR, you should consider local laws in ...

Get GDPR For Dummies now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.