Module 8 · Sensitive employee data, record retention & BYOD
Sensitive employee data needs an Article 9 condition; the employment/social-security exception is the usual route, with explicit consent only as a last resort. Personnel records must be kept no longer than necessary, and the legitimate interest to retain diminishes after termination. Under BYOD the employer is controller only of work-related data on the personal device.
Sensitive employee data (e.g. health, union membership) needs an Article 9 condition on top of the Article 6 basis. The usual routes are the employment / social-security exception (Art. 9(2)(b)), vital interests (Art. 9(2)(c), e.g. where the employee is physically unable to consent), or the establishment, exercise or defence of legal claims (Art. 9(2)(f), e.g. defending an unfair-dismissal or discrimination claim). Explicit consent is a last resort: because of the imbalance of power in the employment relationship it is rarely freely given, and it can be withdrawn at any time.
Personnel records must be kept no longer than necessary. The legitimate interest to retain diminishes after termination, but some laws require retention for a fixed period (e.g. health-and-safety records) - so archive those records, restrict access to them, and use the data only for the legal purpose that justifies keeping it.
- Under BYOD the employer is controller of work-related personal data on the device, but not of the employee's own personal data.
- Risk: a breach or unauthorised access on a personal device is still the employer's breach - breach-notification duties (Arts. 33-34) and fines apply just as they would for a corporate device.
- Mitigations: a written notice to staff of the consequences of using a personal device for work; a written BYOD policy (no PIN sharing, security duties such as updates and screen lock); knowing where work data is stored on the device and securing its transfer to and from company systems.
- Remote wipe / MDM for lost, stolen or leaver devices - be transparent that personal content may also be wiped, and prefer a selective wipe of the managed work container where the MDM supports it so that personal data is left untouched.
For employee health or union data, reach first for the employment/social-security Article 9 condition or legal claims; use explicit consent only as a last resort.