Control measures and data protection

The working environment becomes increasingly digitized. This may cause a variety of new opportunities, but also challenges. We will guide you in taking the right decisions.

All employers process personal information about their employees, whether for recruitment, payroll, performance management, termination of employment etc. The employer’s processing of personal data concerning the employees raises several personal privacy issues.

The employer’s processing of an employee’s personal data is regulated by the Personal Data Act and the Personal Data Regulations. Also, the Working Environment Act  Chapter 9 is relevant, as it contains general rules concerning the employer’s control of workers. Some control measures are specifically regulated. This includes obtaining health information on appointment of employees, medical examinations of job applicants and employees (including drug testing), access to the employee’s e -mail etc., and camera surveillance.

The new digital work day raises a number of new challenges. If digital information leaks, it can easily involve large amounts of personal data and confidential information. The digital world is also in itself difficult to understand.  Even more challenging is harmonizing the digital reality and the legal world, where companies do their best in order to avoid ending up in legal conflicts with employees, unions, suppliers, customers or public authorities.  The IT department, internal audit department, finance department, legal department and system owners must all collaborate, with the HR department in the driver’s seat, with respect to strategic decision-making on how to implement new digital working tools. To leave it to the rest of the company to make such decisions would be to disclaim responsibility for a growing share of the tasks associated with good personnel management that are being done with digital working tools.

We will happily assist you to make the right decisions when introducing new electronic solutions, implementing data protection policies or when handling individual legal matters concerning control measures, privacy and data protection.