The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the Data Protection Act 2018 (‘the Act’) are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR and includes provisions relating to GDPR derogations, as well as establishes the Data Protection Commission (‘DPC’). In part two of this Insight series on data protection considerations in the employment context, Kate Colleary, Founder & Director of Pembroke Privacy Limited, discusses the general requirements regarding the collecting, processing, and retaining of employee data, as well as the requirements regarding employee health data.
General requirements
Organisations need a legal basis to process an employee’s personal data. Article 6 of the GDPR on the Lawfulness of Processing details the different legal bases to be relied on. Articles 5 and 9 of the GDPR set out the principles relating to the processing of personal data, as well as the processing of special categories of personal data. Usually, employers rely on contract or legitimate interests as the legal basis for processing employee data.
Read the full article on DataGuidance.com