Article 88
Processing in the context of employment
There is no recital in the Directive related to article 88.
Regulation
Art. 88 1. Member States may, by law or by collective agreements, provide for more specific rules to ensure the protection of the rights and freedoms in respect of the processing of employees' personal data in the employment context, in particular for the purposes of the recruitment, the performance of the contract of employment, including discharge of obligations laid down by law or by collective agreements, management, planning and organisation of work, equality and diversity in the workplace, health and safety at work, protection of employer's or customer's property and for the purposes of the exercise and enjoyment, on an individual or collective basis, of rights and benefits related to employment, and for the purpose of the termination of the employment relationship. 2. Those rules shall include suitable and specific measures to safeguard the data subject's human dignity, legitimate interests and fundamental rights, with particular regard to the transparency of processing, the transfer of personal data within a group of undertakings, or a group of enterprises engaged in a joint economic activity and monitoring systems at the work place. 3. Each Member State shall notify to the Commission those provisions of its law which it adopts pursuant to paragraph 1, by 25 May 2018 and, without delay, any subsequent amendment affecting them. |
Directive
No specific provision |
Austria
Confidentiality of data § 6 DSG (1) The controller, the processor and their employees, i.e. employees and persons in a quasi-employee relationship, shall ensure the confidentiality of personal data from data processing activities that have been entrusted or have become accessible to them solely due to their employment, without prejudice to other statutory obligations of confidentiality, unless a legitimate reason for the transmission of the data that have been entrusted or have become accessible to them exists (confidentiality of data). (2) Employees may transmit personal data only if expressly ordered to do so by their employer. Unless such an obligation of their employees already exists by law, the controller and the processor shall contractually bind their employees to transmit personal data from data processing activities only on the basis of orders and to maintain the confidentiality of data even after the end of their employment with the controller or processor. (3) The controller and the processor shall inform the employees affected by these orders about the transmission orders applicable to them and about the consequences of a violation of data confidentiality. (4) Without prejudice to the right to give instructions under constitutional law, an employee must not incur any disadvantage from refusing to comply with an order for a prohibited transmission of data. (5) The statutory right of a controller to refuse to give evidence shall not be avoided by questioning a processor working for the controller, and in particular not by seizing or confiscating documents processed by automated means. Permissibility of recording images § 12 DSG [...] (4) It is not permitted to
[...] |