The General Data Protection Regulation (GDPR) has now been in force throughout the EU for two years. It is now time to take stock and explore the impact of the GDPR on HR departments, what new features the regulation has brought and what has become of it.
Countless companies ramped up remote working orders for their employees in view of COVID-19 and the measures taken by the federal and state governments since mid-March 2020. As lawyer and data protection officer Sebastian Günnewig explains, even in this particular crisis, the employer is usually liable if, for example, an employee in the home office violates the General Data Protection Regulation (GDPR). It is a matter of protecting personal data, which also applies to those working from home.
Notorious as bureaucratic monsters, large and small companies alike have had a hard time with the introduction of the GDPR, and many of them continue to feel insecure. "Germany's companies are struggling with the GDPR", headlines the magazine Freitag, noting that even almost two years after it became legally binding, dissatisfaction still prevails across the board. After an initial grace period, the number of infringements has risen dramatically.
According to the magazine Handelsblatt, until December 2019, 187 companies in Germany were fined. The highest sum of 14.5 million euros was imposed on the Berlin real estate giant "Deutsche Wohnen", which, however, showed little understanding or willingness to pay. In fact, the data protection commissioner of the German capital collected just over 200,000 euros, as the Berliner Morgenpost reported at the end of March 2020.
The GDPR must also be observed while working from home.
By the end of May 2020, two years after the GDPR came into force, something like a cash up must be made. Until then, an evaluation of the basic data protection regulation will be carried out in accordance with Art. 97. Brussels is, however, still a long way from this, as stated in a Deutschlandfunk contribution to two years of GDPR. With regard to the opening clauses, in particular, there is still a great deal of uncontrolled growth in the EU and the individual Member States.
The HR software and solution provider rexx systems had already defined two years ago what HR personnel must prepare for with regard to the GDPR. The essential points remain current:
Conclusion: Not much has really changed for HR departments since the GDPR came into force on 25 May 2018. However, it could become problematic for software manufacturers who have not yet fully internalised the GDPR guidelines. In addition, there are still many companies that do not work with professional HR software and continue to count on "Excel and Outlook". Coming back to home office: Corona has taught many companies in a short time that it works. Teleworking via the cloud will, therefore, remain an issue even after the crisis. But to make sure that the GDPR does not fall by the wayside, companies will have to invest more in IT security. Then, just as with the rexx Suite, it will not be an issue for HR employees to process applications, internal company processes and other personnel matters from home.
Want to find out more about applicant management with rexx Recruitment software? If you would like to visit us at one of the HR trade fairs, we would be happy to send you free tickets. Or make a personal appointment to get to know us!
03. February 2021,
26. February 2021, online
08. March 2021, online
20. April 2021, Stuttgart
18. May 2021, Zürich
18. May 2021, Hamburg
16. June 2021, Schloss Laxenburg
23. June 2021, Köln
07. July 2021, München
08. September 2021, online
14. September 2021, koelnmesse, Eingang West, Messeplatz 1, D-50679 Köln Halle 4.2 / Stand C.14
16. September 2021, online und ggf. live
11. November 2021, online
18. November 2021, Wien
The General Data Protection Regulation (GDPR) has been effective across the EU for two years. What has happened in the HR area since then?