Course overview

This course explores the processing of personal information in the workplace, drawing from best practice and key legal rulings. It covers the entire employment lifecycle, from recruitment to termination, emphasizing roles, legal bases for processing, employee rights, monitoring practices, and union responsibilities. Participants will gain practical insights into balancing organizational needs with individual privacy, fostering compliance and trust in data-driven environments.

Course objectives

Participants will obtain an understanding of :

1. Define Key Roles: Distinguish between data controllers and processors in employment contexts.
2. Identify Legal Bases: Apply bases like contract necessity, legal obligations, legitimate interests, and consent for data processing.
3. Handle Special Data: Manage sensitive categories, such as health or criminal records, with appropriate safeguards.
4. Navigate Employee Rights: Respond to access, rectification, erasure, and objection requests effectively.
5. Implement Monitoring Practices: Ensure proportionate and transparent employee monitoring.
6. Address Union Data Processing: Understand responsibilities for professional organizations and representatives.

Course outline

Participants will learn about:

Module 1: Foundational Concepts

Data Controller and Processor Roles: Employer responsibilities for digital and physical data.

Legal Bases for Processing: Contract performance, legal obligations, legitimate interests, and consent limitations.

Module 2: Special Categories and Recruitment

Recruitment Practices: Handling applicant data, references, and criminal checks ethically.

Module 3: Employment Lifecycle

Employment Certificates and Third-Party Data: Managing data from sources like credit agencies.

Employee Rights: Access, rectification, erasure, and objection processes.

Module 4: Monitoring and Surveillance

Monitoring Principles: Proportionality, transparency, and impact assessments.

Techniques: Email, internet, video, and third-party monitoring with legal justifications.

Module 5: Professional Organizations

Data Processing by Professional Bodies: Responsible party roles, sensitive data handling, and disclosures.

Information Officer Obligations: Triggers for appointing information officers in professional bodies.

Module 6: Best Practices and Compliance

Proactive Measures: Agreements, training, and privacy by design.

Ethical Reflections: Balancing organizational needs with privacy rights.