employee-privacy-skills

Manages privacy compliance for employee background checks including criminal record processing under Art. 10 GDPR, DBS checks (UK), national law variations, and reference verification. Applies proportionality and data minimisation to pre-employment screening, defines retention limits, and addresses role-based necessity assessments. Keywords: background check, criminal record, Art. 10, DBS, pre-employment screening, vetting, data minimisation, proportionality.

Implements BYOD privacy compliance frameworks for personal device use in the workplace. Covers personal vs corporate data separation, MDM capabilities and limitations, employee consent requirements, data wiping boundaries, and monitoring restrictions on personal devices. Keywords: BYOD, mobile device management, MDM, personal device, data separation, containerisation, remote wipe, employee privacy.

Governs biometric data processing for employee timekeeping and access control under Art. 9 GDPR special category rules. Covers fingerprint, facial recognition, iris scanning, and voice recognition. Applies necessity tests, evaluates less intrusive alternatives, and implements employee objection procedures. Keywords: biometric data, Art. 9, fingerprint, facial recognition, access control, timekeeping, special category.

Manages Data Subject Access Request procedures for employee requests under Art. 15 GDPR. Covers scope of disclosable HR records, emails, CCTV footage, performance reviews, monitoring data, and training records. Implements third-party data redaction, legal professional privilege, exemptions for ongoing proceedings, and the one-month response timeline. Keywords: DSAR, subject access request, Art. 15, employee records, redaction, privilege, HR data, SAR.

Governs employee health data processing for fitness-for-work assessments, occupational health surveillance, COVID testing legacy programmes, and absence management. Applies Art. 9(2)(b) employment obligations and Art. 9(2)(h) health professional exceptions. Covers data minimisation, occupational health provider relationships, and return-to-work procedures. Keywords: health data, Art. 9, occupational health, fitness-for-work, special category, employment, sickness absence.

Conducts Data Protection Impact Assessments for employee monitoring systems per EDPB Guidelines 3/2019 on workplace data processing. Covers video surveillance, email monitoring, GPS tracking, keystroke logging, and productivity tools. Applies proportionality testing under Art. 35 GDPR. Keywords: DPIA, employee monitoring, surveillance, proportionality, EDPB, workplace privacy, keystroke logging, GPS tracking.

Analyses the limitations on consent as a lawful basis for processing employee data under Art. 88 GDPR and WP29 Opinion 2/2017. Addresses power imbalance in employment relationships, identifies alternative lawful bases, and maps national derogations. Keywords: consent, employment, power imbalance, Art. 88, WP29, lawful basis, employee data, labour law.

Configures privacy settings for enterprise HR systems including SAP SuccessFactors, Workday, and BambooHR. Covers role-based access controls, automated data retention enforcement, cross-border transfer configurations, audit logging, data subject rights facilitation, and field-level security. Keywords: HR system, SAP SuccessFactors, Workday, BambooHR, RBAC, retention automation, cross-border transfer, privacy configuration.

Establishes boundaries for monitoring remote and hybrid workers including screen capture, productivity tracking, camera and microphone activation, attendance verification, and activity logging. Applies proportionality principles, transparency requirements, and evaluates less intrusive alternatives per EDPB and national DPA guidance. Keywords: remote work, monitoring, screen capture, productivity tracking, webcam, home office, hybrid work, proportionality, surveillance.

Implements data protection compliance for whistleblowing systems under EU Directive 2019/1937 and GDPR. Covers anonymous reporting channels, identity protection for whistleblowers and accused persons, retention limits, access restrictions, and retaliation prevention. Addresses national transpositions and DPA guidance. Keywords: whistleblower, Directive 2019/1937, anonymous reporting, identity protection, retaliation, retention, reporting channel.

Implements email and internet monitoring compliance in the workplace per Barbulescu v Romania (ECHR Grand Chamber), EDPB guidance, and national labour law. Covers acceptable use policies, legitimate expectation of privacy, proportionality testing, and content vs metadata monitoring. Keywords: email monitoring, Barbulescu, workplace privacy, internet monitoring, acceptable use policy, ECHR, proportionality.