Take the ISO 27001 course exam and get the EU GDPR course exam for free
LIMITED-TIME OFFER – VALID UNTIL SEPTEMBER 30, 2021

Expert Advice Community

Guest

Can company share their employee personal data?

  Quote
Guest
Guest user Created:   Sep 15, 2021 Last commented:   Sep 23, 2021

Can company share their employee personal data?

I need to ask a question because I was not able to find one of the situation which makes me confused about GDPR. Company which have become our customer and bought service from us do share via email his employees personal data (name, last name and email) so we can create access for them on our portal. When they access portal, they will be asked to accept privacy policy and give consent (GDPR stuff)... is that ok from law side, to have personal information of company employees and after they login for the first time to accept policy? Also what will happen if some of the users never login, or don`t login for a long period and we made account for them, but user haven`t accepted privacy policy and gave consent to us?

How can we overcome this situation? Do you know if we can still be GDPR compliant with this situation?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Sep 20, 2021

In B2B relationships, each company authorizes the processing of its own employees' personal data. So you can provide them an account and they acknowledge the privacy notice while logging in and if they don’t, you can process their data as well for any activity which is connected to the provision of service to your client. The legal basis of data processing, in fact, is the contract under Article 6 lett. B) GDPR.

Here you can find some information about how to process personal data:

If you want to learn how personal data are processed under the EU GDPR you may consider enrolling in our free training EU GDPR Foundations course: https://training.advisera.com/course/eu-gdpr-foundations-course/  

Quote
0 0
Guest
Guest user Sep 23, 2021

Thank you very much for your reply!
Great, so that mean that we just need to state in the contract that we have privacy notice on our customer portal and that is all, or maybe we don`t need to specify anything and if that company share with us their employee personal data we don`t need to do anything more!?

Quote
0 0
Expert
Alessandra Nisticò Sep 23, 2021

No, it means that in the agreement with your client you state that personal data connected to the performance of the contract will be processed as stated in the attached privacy notice. You may also link to the web portal, but if you attach the privacy notice to the contract it is easier to demonstrate compliance to the obligation of providing information about data processing.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 15, 2021

Sep 23, 2021