Go back

How do you protect your employees' personal data?

26 January 2022 Miet Vanhegen Employers

What are the ground rules you should follow when collecting, using and securing personal data? The European Privacy Day on 28 January lets us pause to reflect on the procedures to ensure personal data protection. This is also relevant in the HR world, as organisations often hold all kinds of personal data on their employees.

Reading time: Read later?

Here's where the GDPR guards

The General Data Protection Regulation (GDPR) went into effect on 25 May 2018. This European Regulation lays down the ground rules for the collection, use and security of personal data. It concerns personal data of your employees, but by extension, data of customers too.  

Personal data is a broad term. It's not just about classic data (such as name and surname), but also reports, evaluation forms, photos at the staff party or training, etc.

Not following the rules of the game? Then you risk a significant fine. For example, a fine of 15,000 euros was imposed by the Data Protection Authority (GBA) on an SME that refused to close the mailboxes of former employees.

Step by step to optimal protection

The GDPR matter is a complex one. The conceptual framework is not simple, and there are various obligations, such as a documentation obligation and an information obligation. Employers often don't know where to start. This roadmap can give you a nudge in the right direction:

1. Map out personal data using a processing register (data registry).

This registry replaces the former declaration to the GBA, and is part of your documentation requirement. In the event of an audit, you can expect the request for this register for sure. The processing register must be continuously updated. 

2. Identify the legal basis on which the processing is done.

There are 4 legal grounds:

  • execution of the agreement;
  • legal obligation;
  • legitimate interest;
  • consent of the person concerned. 

In the case of the data subject's consent, it is stated that such consent must be free, explicit and informed.

3. Keep in mind the retention periods for this personal data.

The data should not be kept longer than strictly necessary. So you need to work with rules specific to applicable local regulations to map out these retention periods. As part of transparency, you also provide these retention periods by topic in the processing register.

4. Be aware of your information obligation. 

For example, you must inform your employees what data is being processed, the retention periods, the right to information if it is necessary to correct the data, etc.

As part of this information obligation, you must also record what ground rules are used internally with regard to the handling of customer data, access to customer data, any sanctions in the event of a breach of these agreements.

You can regulate your information obligation in this context by working with a specific privacy policy, for example.

Do you have any questions?

Our experts are ready to inform, advise and support you.

Contact us

Share this post

Written by Miet Vanhegen

Juridisch adviseur

Related articles


Late to work due to traffic disruption

15 September 2023 Miet Vanhegen

What if your employees arrive late to work because of traffic disruption? Are they still entitled to their wages?

Read more

What if your employee is tuck at his holiday destination?

03 August 2023 Dries Rutten

Extreme weather such as fierce forest fires and hailstorms upset the holidays of many Belgians. For holidaymakers hit by severe weather, starting start the journey home in good time is by no means easy. What if your employee is unable to return in time to resume work?

Read more

What if there's too much or too little work during the holidays?

25 July 2023 Amandine Boseret

While the summer period is not a busy one for lots of companies, peace and quiet can be hard to find when your employees are on holiday. Those left behind often have to take on more tasks – the duties of those absent. What's the best way to prepare for the hustle and bustle, or the calm, of the summer holidays? What if there's too much work? What i...

Read more