The 4 steps to handle employment contracts in line with GDPR
A contract of employment is a highly personal document, and for sure within the scope of GDPR.
As with any other information covered by GDPR you must:
- Know what you have
Even if an employment contract is an important document, we find them scattered all over companies in binders, on file servers, and in Outlook inboxes. It’s easy to know what you should have — your employee register can tell you that. But what about outdated revisions, and draft proposals? Collecting each and every employment contract in your company, may prove a bigger task than you expect.
- Understand why you have it
With employment contracts the reason is obvious. As a company you need to keep track of your obligations towards the employee — and vice versa. The contract also serves as documentation towards the authorities — including the tax office. But that’s it. Unless you've gained explicit approval for any other use.
- Document how you use it
Once you know what you have, and why you have it, you can document how you use it. And especially, how you secure that no other (mis)use takes place. Only the employee themselves, HR, Payroll, and the immediate manager should have access to the contracts. And they must all be instructed on what proper use of this access entails.
- Plan how to get rid of it
Unless you've gained explicit permissions, once the employment is terminated, and the period you're required to keep financial documentation has expired, you must let go of these contracts. It’s common practice to keep them on record — ‘just in case’, and for ‘future reference’. But it’s no good. It takes explicit permissions to do so. And remember — a permission may be revoked in the future. The right to be forgotten, applies here as well.
Of course, you can handle your employment contracts using Word, Excel, and Outlook — but I won’t recommend it. My experience is that you can do better than that.
5 reasons you need a real contract management solution
We help companies manage their GDPR challenge with easy to use software, and a practical approach. We’ll be happy to help you too. If you have questions related to GDPR, just leave me an email or give me a call.
Kind regards,
Steen Munksgaard
Product Manager, and GDPR Specialist
+41 79 551 71 18
smu@multi-support.com
All blog posts