Comments on: 9 Ways the GDPR will Impact HR Data & Analytics https://www.aihr.com/blog/general-data-protection-regulation-gdpr-impact-hr-analytics/ Online HR Training Courses For Your HR Future Wed, 27 Sep 2023 11:26:50 +0000 hourly 1 https://wordpress.org/?v=6.5.3 By: Robbert Santifort https://www.aihr.com/blog/general-data-protection-regulation-gdpr-impact-hr-analytics/#comment-499656 Fri, 06 Oct 2017 09:06:11 +0000 https://www.analyticsinhr.com/?p=9736#comment-499656 In reply to Nora Jaavall Hansen.

Dear Nora,

Thanks for your question. All processing activities should fall within the purpose limitation for which there a legitimate basis. However, when there is a legal obligation for secondary processing, such processing activities would be also allowed. On the contrary, when a specific legal obligation is absent, secondary processing is not allowed. Informed consent remains an alternative, but that depends on the circumstances. Is such processing reasonably justified to be able to rely on consent exclusively?

Also be aware that additional safeguards should be applied in case of secondary processing, such as data minimalization (is all personal data needed? Propotionality check!). Moreover, the data subject should be informed of such secondary processing.

Please feel free to contact us directy.

Best regards,
also on behalf of Arnold Birkhoff

Robbert Santifort, privacy lawyer

]]>
By: Nora Jaavall Hansen https://www.aihr.com/blog/general-data-protection-regulation-gdpr-impact-hr-analytics/#comment-499655 Wed, 04 Oct 2017 06:53:41 +0000 https://www.analyticsinhr.com/?p=9736#comment-499655 Hi Arnold,

Thank you for discussing GDPR in concrete combination with HR Analytics. I have a question regarding the use of HR data that is collected for a specific purpose (e.g. sick leave reporting in order to comply with the law), and how this should be treated when HR analyze this further and do a secondary processing. Considering that an employer should not use consent as a legal basis (in this case the legal basis would be legal obligation), how should this be treated? My concern for HR Analytics also regards the retention principle. Any comment on this? Thanks!

]]>