Employees consent

Answer:

I would strongly advise you against using employees consent as a basis for processing their personal data. It was considered and it is still considered that consent from employees in not a genuinely “freely given” since there is an imbalance between the employer and the employee and the latter tends to agree to whatever the employer wants. Also, consider that consent can be withdraw n at any time and while doing so the employee would basically make the processing activity impossible for the company.

With regards to employees data you can use contractual obligation as a legal basis for all the activities related to the labor agreement (contract) for example payroll activities.

You can also rely on legitimate interest for activities such as video monitoring, fleet GPS monitoring or monitoring of employees using DLP solutions.

The Article 29 Working Party’s rOpinion 2/2017 (on data processing at work, WP249, 8 June 2017) provides some helpful examples of the likely limits of this legal basis. For example, if an employer deploys a data loss prevention tool to monitor employees’ outgoing emails automatically to prevent unauthorized transmission of proprietary data, in order to rely on legitimate interests it will need to ensure, among other things, that the rules that the system follows to characterize an email as a potential data breach are fully transparent to employees and that employees are warned in advance if the tool recognizes an email that is to be sent as a possible data breach, so as to give the sender the option to cancel this transmission.

You can find out about consent and alternative legal basis in our article “ Is consent needed? Six legal bases to process data according to GDPR” - https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/