Łukasz Rutkowski
Łukasz Rutkowski, attorney-at-law, advises clients from a range of industries, including financial services, banking, e-commerce, IT, logistics and FMCG. He has participated in GDPR implementation projects and compliance audits. He analyses products, processes, IT solutions (software, mobile apps) and services (e.g. using profiling, AI and the internet of things) for compliance with data protection regulations (including industry regulations) and e-privacy regulations.He supports clients in conducting data protection impact assessments and handling data subject requests.
Chatbots and voicebots are being increasingly used for interactions between employers and employees. They help employers meet their obligations to employees, such as serving as a tool to provide information about procedures at the employer or how to carry out certain tasks. They also help in managing employment, as a communications tool for basic HR issues.
Employers, especially those that are part of foreign groups, sometimes wish to carry out background checks, to analyse information concerning the circumstances or status of job candidates or employees beyond the extent of their legal right to do so.
When an employee has been absent for a long period of time, or in other circumstances where an employer is having difficulties contacting an employee via official means of communication, HR departments often wonder whether they can use an employee's private contact data. Some more cautious employers introduce employee questionnaires requesting a private e-mail address or telephone number, or collect this data from employees in a different way. How does the issue of obtaining private contact data look from a data protection law perspective?
Exit interviews, namely interviews which employers hold with employees whose employment is ending, are widely used by HR departments and may provide useful information regarding managing the workplace. In today’s piece, we will take a look at exit interviews from the perspective of data protection legislation.
This is the fourth in a series of articles in which we discuss the duties of a data controller with respect to data protection breaches in the employment context, drawing on Guidelines 01/2021 on Examples regarding Personal Data Breach Notification adopted on 14 December 2021 (version 2.0) from the European Data Protection Board (EDPB).
This is the third in a series of articles in which we discuss the duties of a data controller with respect to data protection breaches in the employment context, drawing on Guidelines 01/2021 on Examples regarding Personal Data Breach Notification adopted on 14 December 2021 (version 2.0) from the European Data Protection Board (EDPB).