A new regulation about the processing of personal data by employers applies from 4th May 2019 in Polish legislation. What changes have introduced the new law?
The employer managing the employee documentation is obliged to apply the provisions on the protection of personal data.
Companies are required to collect information which are necessary to achieve the purpose of processing (the adequacy principle).
Personal data that epmpolyer may require from applicants and employees are included in Article 221 of the Labour Code and also in separate regulations.
Currently, the employer is entitled to receive the following personal data from applicants:
It is worth noting that the employers should collect only personal data which is necessary for the purpose of employment (the principle of minimization).
The employers is entitled to receive the following personal data from the employee, regardless of the data which the employers had obtained in the recruitment process:
In addition, the employers is entitled to request other data when it is necessary to exercise the right or fulfil the obligation under the law.
The basis for collecting the above-mentioned personal data is Article 6 paragraph 1 letter C GDPR.
There are also regulations regarding the collecting of sensitive data. It is required clear consent (Article 9 paragraph 1 GDPR).
The processing of personal data regarding convictions and violations of law (Article 10 GDPR) have been excluded. Such data may be processed only on the basis of the law.
Under the new regulations, the employer should update information and consent clause and should make changes in personal questionnaires.
Find out how we can help you