The General Data Protection Regulation (GDPR) has now been in force throughout the EU for two years. It is now time to take stock and explore the impact of the GDPR on HR departments, what new features the regulation has brought and what has become of it.
Countless companies ramped up remote working orders for their employees in view of COVID-19 and the measures taken by the federal and state governments since mid-March 2020. As lawyer and data protection officer Sebastian Günnewig explains, even in this particular crisis, the employer is usually liable if, for example, an employee in the home office violates the General Data Protection Regulation (GDPR). It is a matter of protecting personal data, which also applies to those working from home.
Notorious as bureaucratic monsters, large and small companies alike have had a hard time with the introduction of the GDPR, and many of them continue to feel insecure. "Germany's companies are struggling with the GDPR", headlines the magazine Freitag, noting that even almost two years after it became legally binding, dissatisfaction still prevails across the board. After an initial grace period, the number of infringements has risen dramatically.
According to the magazine Handelsblatt, until December 2019, 187 companies in Germany were fined. The highest sum of 14.5 million euros was imposed on the Berlin real estate giant "Deutsche Wohnen", which, however, showed little understanding or willingness to pay. In fact, the data protection commissioner of the German capital collected just over 200,000 euros, as the Berliner Morgenpost reported at the end of March 2020.
The GDPR must also be observed while working from home.
By the end of May 2020, two years after the GDPR came into force, something like a cash up must be made. Until then, an evaluation of the basic data protection regulation will be carried out in accordance with Art. 97. Brussels is, however, still a long way from this, as stated in a Deutschlandfunk contribution to two years of GDPR. With regard to the opening clauses, in particular, there is still a great deal of uncontrolled growth in the EU and the individual Member States.
The HR software and solution provider rexx systems had already defined two years ago what HR personnel must prepare for with regard to the GDPR. The essential points remain current:
Conclusion: Not much has really changed for HR departments since the GDPR came into force on 25 May 2018. However, it could become problematic for software manufacturers who have not yet fully internalised the GDPR guidelines. In addition, there are still many companies that do not work with professional HR software and continue to count on "Excel and Outlook". Coming back to home office: Corona has taught many companies in a short time that it works. Teleworking via the cloud will, therefore, remain an issue even after the crisis. But to make sure that the GDPR does not fall by the wayside, companies will have to invest more in IT security. Then, just as with the rexx Suite, it will not be an issue for HR employees to process applications, internal company processes and other personnel matters from home.
Want to find out more about applicant management with rexx Recruitment software? If you would like to visit us at one of the HR trade fairs, we would be happy to send you free tickets. Or make a personal appointment to get to know us!
12. October 2020, Online
21. October 2020, München
10. November 2020, online
19. November 2020, online
23. November 2020, Düsseldorf
02. December 2020, München
30. March 2021, Zürich
20. April 2021, Stuttgart
18. May 2021, Hamburg
16. June 2021, Schloss Laxenburg
14. September 2021, koelnmesse, Eingang West, Messeplatz 1, D-50679 Köln Halle 4.2 / Stand C.14
18. November 2021, Wien
The General Data Protection Regulation (GDPR) has been effective across the EU for two years. What has happened in the HR area since then?