Employee Data

Question 1

What are the main phases of the employee life cycle?

Answer 1

• Application
• Interview
• Onboarding
• Promotions
• Transfers
• Offboarding or separation

Question 2

What types of information are typically included in personnel records?

Answer 2

• Hiring
• Salary and benefits
• Roles and responsibilities
• Performance evaluations
• Health and financial
• Retirement

Question 3

What are the 4 commonly used legal bases for processing employee data?

Answer 3

1. Consent
2. Contract
3. Legal obligation
4. Legitimate interest

Question 4

Why is an employment contract not considered valid consent under data protection law?

Answer 4

Because there is an imbalance of power in the employer-employee relationship.

Question 5

When might an employer rely on legal obligation as a basis for processing employee data?

Answer 5

1. Reporting to tax authorities
2. Maintaining records for sick pay and leave
3. Complying with health and safety laws

Question 6

What are examples of legitimate interest in processing employee data?

Answer 6

• Building security monitoring
• Tracking work hours for payroll
• Performance tracking

Question 7

What elements must be included in a notice to employees about data processing?

Answer 7

• Purpose
• Categories of recipients
• Retention
• Legal basis
• Employer contact
• Employee rights

Question 8

What are the acceptable mediums for delivering a privacy notice to employees?

Answer 8

• Employee handbook
• Separate privacy notice

Question 9

What is the balance required in workplace surveillance regarding privacy?

Answer 9

Balance between employees’ right to privacy and employer’s interest in protecting the business.

Question 10

Why are background investigations conducted by employers?

Answer 10

• Ensure trustworthiness
• Protect company property and data
• Defend against insider threats

Question 11

What surveillance principles must be followed in data loss prevention?

Answer 11

• Necessity
• Legitimacy
• Proportionality
• Transparency

Question 12

What are examples of legitimate interests justifying surveillance?

Answer 12

• Data loss prevention
• Worker safety
• Protecting business from threats

Question 13

What does proportionality in surveillance mean?

Answer 13

Surveillance must be:

• Necessary
• Appropriate
• Not excessive relative to its purpose

Question 14

What role does transparency play in workplace surveillance?

Answer 14

Employees must be notified.

Transparency sets behavior expectations and reduces privacy assumptions

Question 15

What are examples of disproportionate or unlawful surveillance?

Answer 15

• Continuous recording of all employees
• Detailed productivity tracking
• Covert surveillance without notice

Question 16

What general elements should be included in employer policies on email and internet use?

Answer 16

• Justifications for monitoring
• Monitoring details
• Policy enforcement
• Employee rights
• Works council / union involvement

Question 17

What should email surveillance policies address?

Answer 17

• Whether personal use is permitted
• Employer access controls
• Data retention policies

Question 18

What should internet surveillance policies specify?

Answer 18

• Private use conditions
• Allowed and disallowed content
• Access controls

Question 19

What steps should be taken when an employee is suspected of misconduct?

Answer 19

• Present the facts
• Allow the employee to explain themselves
• Possibly involve an employee representative

Question 20

How does a works council differ from a trade union?

Answer 20

• Works council: represents all employees and is required by law at the company level
• Trade union: represents only union members and is voluntary at the sector level

Question 21

What are the primary functions of a works council?

Answer 21

• Information
• Consultation
• Codetermination on employer decisions

Question 22

In what areas must employers engage with works councils?

Answer 22

• Changes to work environment
• Work conditions
• Data processing activities

Question 23

What is codetermination in the context of a works council?

Answer 23

The ability to approve or reject certain employer decisions.

Question 24

What is whistleblowing?

Answer 24

Employee reporting on workplace misconduct.

Examples: illegal, unethical, or fraudulent activities

Question 25

What does the **Sarbanes-Oxley Act** (SOX) require companies to do?

Answer 25

Facilitate employee **reporting of misconduct**.

Question 26

What **compliance steps** must companies take under SOX?

Answer 26

* Implement strong control policies * Encourage reporting * Reinforce confidentiality * Use third-party hotlines

Question 27

**Who** must comply with SOX requirements?

Answer 27

* US public companies * Subsidiaries of public companies * Foreign companies listed on US exchanges

Question 28

What are **key EU concerns** about U.S. whistleblowing programs?

Answer 28

* Lack of right of reply for subjects * Risk of misuse due to anonymity

Question 29

What **GDPR compliance steps** are required for **whistleblowing programs**?

Answer 29

* Conduct DPIA * Involve works council * Mitigate international data transfer risks * Ensure transparency

Question 30

What **elements** should a **whistleblowing policy** include?

Answer 30

* Who may report * Subjects' rights * Confidentiality vs. anonymity * Scope * Report procedure * Data retention * International transfers

Question 31

What does **BYOD** stand for and **what does it involve**?

Answer 31

* Bring Your Own Device * Use of personal devices for work applications and data

Question 32

What are the **key challenges** of BYOD?

Answer 32

Employer is the data controller but the **device also contains employees' personal data**.

Question 33

What should a **BYOD policy include**?

Answer 33

* Expectations and rights * Data security requirements * Use of mobile device management software

Question 34

What are **key functions** of **mobile device management software** in BYOD policies?

Answer 34

* Remotely erase data on lost devices * Locate stolen/lost devices