GDPR and Human Resources: A tool to pressure employees in the event of a dispute

Every day, the CNIL (National Commission for Information Technology and Civil Liberties) receives an average of seven complaints from troubled employees, using the GDPR as leverage. 🔥

GDPR Human resources :

The GDPR and its implications in the field of human resources have become an effective way for employees to exert pressure in the event of conflict within the company. In 2019, almost 20% of the 14,000 complaints filed with the CNIL (National Commission for Information Technology and Civil Liberties) concerned disputes involving employees and their employers. This translates into around 3,000 complaints a year, or an average of 7 complaints a day.

🎯 The objective is clear: employees use the GDPR as leverage to exert pressure or put their employer in a difficult position in the event of departure.

Employment lawyers use GDPR as leverage against employer 🏹

Thought the GDPR only applied to consumers or citizens? In reality, the GDPR also applies to your employees, work-study students, interns, applicants, temps. In particular, it involves providing clear information on their rights and duties. 📜

👨‍⚖️ Employment lawyers have understood this. It is increasingly common for counsel for an employee in difficultye.g : in the event of dismissal or refusal to enter into a conventional severance agreement, etc.) to use the GDPR as a negotiating lever, or even as a means of exerting pressure on the employer.

GDPR & Human Resources: Increase in CNIL (National Commission for Information Technology and Civil Liberties) complaints CNIL (National Commission for Information Technology and Civil Liberties)

Complaints to the CNIL (National Commission for Information Technology and Civil Liberties) rose from 11,000 in 2018 to 14,135 in 2019 (an increase of almost 30% in one year!) and fines reached 138,489,300 euros in 2020. 

Furthermore, logic dictates that the more employees and their lawyers are informed about the possibility of using the GDPR to pressure their employer, the greater the risk will grow.

A simple letter of formal notice ordering the employer to comply with an employee's request for access to data disrupts a company for several days.

Using the GDPR as a means of pressure is moreover very effective, since a simple letter of formal notice enjoining the employer to grant an employee's request for access to data can totally disorganize an HR department and a company for several days.

In this case, the employer has just one month to respond favorably to the employee's request. If no response is received within this timeframe, the employee can easily lodge a complaint with the CNIL (National Commission for Information Technology and Civil Liberties) ) for breach of his fundamental rights, which the CNIL (National Commission for Information Technology and Civil Liberties) penalizes heavily.

Avoid providing information that would allow the employee to build a case against you 💼

In the event of a request for access or deletion, you therefore have a few weeks to comply with the GDPR and identify precisely what information will need to be communicated to the employee with the risk of providing information protected by professional secrecy, the secrecy of correspondence or documents that would enable the employee to build a case against you. 📁

In the event of an employee complaint, the CNIL (National Commission for Information Technology and Civil Liberties) will check your general compliance with the GDPR

Obviously, it seems logical that an employee complaint to the CNIL (National Commission for Information Technology and Civil Liberties) will involve an investigation that is not limited to the HR sector alone. In the event of an employee complaint, be aware that the CNIL (National Commission for Information Technology and Civil Liberties) will check your general compliance with the GDPR provisionse.g : clients / prospects, marketing, etc.). 📜

Moreover, the risk of the CNIL (National Commission for Information Technology and Civil Liberties) is today no longer the only one since NGOs are beginning to appear on the subject of GDPR and could also be alerted to your structure's failingse.g : NOYB). ⚡

So it's important to prepare in advance, which is not the case today for nearly 80% of structures in France. 📣

68% of French people say they are sensitive to data protection issues.

This risk is nothing new. Back in 2012, a company was fined 10,000 euros by the CNIL (National Commission for Information Technology and Civil Liberties) ) for failing to comply with an employee's request for access.

So why is this phenomenon only now gaining momentum?

Since the GDPR came into force in 2018, the context has changed. Ten years ago, data protection was not an important topic for the population. Now, 68% of French people say they are sensitive to data protection issues. Sanctions have also changed in dimension, since they now amount to 4% of worldwide annual sales.

So it's clear that employees and their counsel no longer hesitate to use the GDPR as leverage against an employer. 🏹

To reduce this risk to zero, become GDPR compliant.

It's very simple to reduce this risk to nothing as all you need to do is comply with the GDPR. 📜

Beyond the obligation to comply with the law, the GDPR should be seen as a virtuous tool that protects the confidentiality of its employees and therefore strengthens its ethics since respecting the GDPR means respecting its employees. 

So you have everything to gain by complying.

✨ Dipeeo ✨

Dipeeo, created and run by specialist lawyers and certified DPOs, helps you with your GDPR compliance process 🚀

Dipeeo is your trusted third party offering a fast and simple GDPR compliance and DPO support service, certified and implemented by specialized lawyers andAfnor-certified protection delegates, at more affordable rates than a traditional law firm. 🤝

We provide day-to-day support to structures in the context of HR litigation relating to the GDPR.