|Finland||02.08.2017||The Working Group proposal does not as such cover privacy in employment. Based on its research, the Working Group considers that the current Act on the Protection of Privacy in Working Life is in line with the GDPR. However, the responsible Ministry may suggest amendments.
|Germany||07.08.2017||Yes - § 26 constitutes a basis for processing of employment data. The new rule keeps more or less the framework of the current rules on processing of HR data. As under the current German Federal Data Protection Act, the processing of employee data is generally allowed if necessary for establishing, carrying out or terminating the employment relationship (NB: subject to interpretation based on existing case law and guidance of DPAs). The GDPAA maintains the current restrictions for investigations of criminal conduct and now expressly mentions operating or service agreements (collective agreement) and collective bargaining agreements as possible legal basis for a processing of HR data.
§ 26 also contains certain justifications for the use of special categories of employee data ("sensitive data") and a definition of the term "employee". The GDPAA further provides clarification on consent, such as the circumstances when such consent is “freely given” in an employer-employee relationship. Legal and economic advantages are considered in this respect and in the reasoning of the GDPAA, for example, refers to the use of IT for private purposes or to receive health benefits. Under certain conditions, § 24(2) permits a change of purposes for sensitive data in HR context.
|Ireland||12.09.2017||The General Scheme refers to the possibility of specific rules in the employment context but contains no detail as to what, if any, specific rules may be adopted.|
|Spain||27.07.2017||Data processing for the purposes of whistleblowing and preparing anonymous reports is allowed. Draft Bill allows CCTV recordings for supervision of employees as part of the employment relationship.|