New data protection - Why is the new data protection so important?

  • Personal data
  • Electronic transport
  • Electronic storage
  • Orders
  • Proof due to burden of proof
  • Joint liability

Personal data

It is a truism that a company's human resources department naturally generates and handles the most personal data. It starts with the applications you receive as an employer. This is followed by the application process, which ends with employment. The payroll for this new employee must then be set up and the monthly payroll run. There may be special events in between, such as illness, promotion, deductions, a new address, new insurance or a change of tax class that need to be dealt with. At the very end of employment, there is a notice of termination, the last statement of account and the certificate on the previous statement of benefits. Finally, the employee also asks for a reference. All these areas of activity in a normal working life have more or less to do with the personal data to be protected. The new data protection requires special attention to be paid to all this information and processes.

Electronic transport

Nowadays, the usual exchange takes place by means of electronic transport. We all love e-mail because it is simple, fast and easy to handle. Unfortunately, e-mail is not secure in terms of data protection - it is just an electronic postcard that could be read by others. Therefore, in future, transport by e-mail - even if the e-mail itself is encrypted - will no longer be compliant with data protection regulations. Surprisingly, the same applies to transmission by fax. The contents of fax transmissions are also visible to others during transport, just like a postcard. Sending personal data by fax is therefore prohibited in future.

Electronic storage

Up to now, we have not worried much about the question of whether and how access to personnel documents is regulated. Of course, we have always made sure that not everyone in the company has access to documents such as applications, references, employment contracts, sick notes, etc. But in case of doubt, more people potentially have access to this data than we initially think. This always includes the system administrators and all those who can access the backups. We also didn't bother to find out if and when the documents were ever deleted or duplicated. Only storage in a single location with proof of access and modification of the documents really ensures that the requirements are met. In addition, deletions can also be set up, verified and tracked in this way.

Orders

The cooperation with your payroll accountant has worked well for years. If there were any discrepancies, they were easily resolved - even through short official channels. That was very convenient. Under the new law, in case of doubt the employer has to prove, down to the last detail, that an order was given to an external payroll accountant and what that order was. Why? Because the law forces employers to handle their employees' personal data extremely sparingly and carefully. Using the portal therefore provides complete, fast and conclusive proof that employee data has been handled and exchanged, and which data. This may seem petty, but it makes a lot of sense when you look at the consequences of non-compliance.

Proof due to burden of proof

The law provides for a fundamental change in the burden of proof, which turns all previous considerations on their head and exposes employers to a new, expensive and unpleasant risk. Following the change in the law, employees will be heard in the event of a dispute with the argument: "My employer did not handle my data properly, did not store it securely electronically, sent it insecurely or transmitted it to a service provider without a specific order". All of these accusations may be true or false or just made up out of thin air. It doesn't matter. As the employer, you must be able to prove that you have done everything correctly. If you cannot do this, you run a high risk of losing the dispute. Only by using the archive/portal will you be able to counter all allegations in detail:

  • The documents containing the employee's personal data are stored electronically in Germany, protected against loss and tampering.
  • Access to the archive is strictly limited and restricted to specific persons. Access authorisations are recorded in an electronic diary.
  • The exchange of this information via the portal/archive is secure, as the connections are protected against interception.
  • For every order to process personal data, there is a complete electronic record that can be reproduced at any time via the electronic diary in the event of a dispute.

As a result, you are not only doing everything right - you can now also prove it!

Joint liability

The new data protection system brings with it very unpleasant consequences that have not yet really been internalised by many of those involved. The client and contractor are jointly liable for each other's errors and omissions. This means that, in case of doubt, the employee can choose the potentially most capable opponent to pursue his claims for damages. The liability limit is 4.0 % of the worldwide turnover of the liable party - i.e. the employer or the contractor - or a maximum of EUR 20.0 million per infringement. For this reason alone, we can no longer be mutually indifferent to what the other partner does with the personal data of the employees to be billed.
