Data protection is something of a hot topic in Germany at the moment. Following a string of scandals involving some of the country’s largest companies, legislators there have adopted a Bill that will further regulate the collection, processing and use of employee data.
The new legislation, set to come into force on 1 September 2009, will tighten restrictions on the use of employee data. It makes it clear that personal data may only be collected, processed or used for employment purposes if it is required in order to: (i) determine whether somebody should be offered employment (for example, questions concerning professional qualifications, abilities and experience); (ii) execute or terminate the employment relationship; or (iii) uncover criminal acts that may have been committed during the employment relationship.
Internal data protection officers are also set to gain new rights. All medium and large companies are required to appoint such an officer. Going forward they will be entitled to participate in continuing education and professional data protection training programmes at their employer’s cost. Furthermore, under the proposals employers will only be able to dismiss such employees for certain specific reasons set out in the German Civil Code and in particular not for any reason related to their role or exercising the rights attached to it. This new right is similar to the protection enjoyed by Works Council Members. They will be entitled to bring a claim at any time up to a year after dismissal.
This is just the latest in a series of changes to Germany’s data protection legislation aimed at reassuring the German public that their personal data is safe.