Ever since the General Data Protection Regulation (GDPR) was first enforced in May 2018, people have had doubts about what it meant for employee monitoring. After all, the GDPR governs the collection of personal information of people inside the EU – which is exactly what employee monitoring does.
If you want to know whether or not employee monitoring can be GDPR compliant, the short answer is: yes, it can be. However, to pull that off, you need to follow the principles of the GDPR and satisfy its requirements.
Some of the ways to make sure your employee monitoring is GDPR compliant are to:
- Notify employees that you intend to collect their data
Transparency is a key part of the GDPR, and your employees have the right to know they’re being monitored and that their data is being collected. In other words, before you start using WorkExaminer or remote employee monitoring solutions, you should first notify your employees.
Keep in mind that WorkExaminer can collect different types of personal information including active/idle hours, app activity, browser history, emails, keystrokes, screenshots, and more. Make it a point to be completely transparent and specify exactly what data will be collected when you notify your employees.
- Explain the reason for collecting data
One of the main GDPR fundamentals is that you need a meaningful and legitimate reason to collect the data of your employees. As such, when you notify them, it is best to explain what that reason is.
When it comes to WorkExaminer, there are many possible reasons why you may want to use it to collect data. For example, you may want to take advantage of its analytic reports to track employee productivity and work performance. Similarly, you may want to use it to control access and improve security.
The key is to make sure that you have a valid justification for the way in which you’re using employee monitoring – and take care not to exceed it.
- Get written consent
Under the GDPR, you are required to obtain consent from employees after informing them about your data collection. That consent should be in writing, and your employees have the right to revoke it at any time.
Try to be as specific as possible when obtaining consent and highlight exactly how you intend to make use of WorkExaminer so that your employees are crystal clear as to its scope. Not only can this help GDPR compliance, but it can also build trust and help assure your employees that you aren’t going to be ‘spying’ on anything private.
- Prepare to provide the data that’s been collected
The GDPR stipulates that employees have the right to request to see the data that you’ve collected about them – so you should be prepared for such requests. If you’re using WorkExaminer, that should be easy, as you can quickly export reports or raw data for individual employees.
In general, providing data shouldn’t be an issue as long as you’re only collecting data as you specified when you obtained consent.
- Be aware of the right of erasure
Last but not least, the GDPR entitles employees to request the erasure of all data pertaining to them. It is important that you are aware of that, and that you make sure erasing the data of any given employee will not be an issue.
If you use WorkExaminer, the right of erasure shouldn’t be a problem. At any time you can easily delete the data for a specific employee without affecting the rest of the monitoring data.
To sum it up, employee monitoring can be GDPR compliant as long as you approach it in the right way and are clear, transparent, and aboveboard in all your actions. It should be noted that even if your company is not based in the EU, as long as it collects any data from people in the EU it is expected to be compliant.
The good news is that although GDPR compliance will require some work on your part, it is likely to benefit your business in the end. If nothing else, it will reassure your employees and help to build trust if you apply its principles to your employee monitoring policy.