Home

Internal

Global

Contatto

Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |

In tutto il mondo

Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.

Use of personal data obtained in the course of work

published on 22 March 2024 | reading time approx. 3 minutes

As part of the work, we often need to use the data of others, which is usually collected in information systems and databases. These systems may be national information systems, such as the Register of Natural Persons, or the company's own database where all customer information and documents are stored.

The law or the company itself usually determines which employees will have access to personal data of clients and what activities are allowed with the data. It is necessary to be clear about the purpose for which the data can be processed and to respect the limits of the law and the employer’s mandate by not accessing information that is not necessary to achieve the specific purpose. The use of information systems provided to the employees will certainly not be in line with the General Data Protection Regulation if the only ground for accessing this data is curiosity, the fact that the person in question is a relative, or even the fact that the information is accessible per se, and surely not even if person in question just annoys the employee.

If the organization has collected data on the basis of legitimate interest, a contract or to ensure vital interests of the data subject, this data can be used for another purpose if prior that an assessment has been conducted concluding that the new purpose is compatible with the original purpose. However, if the organization has collected the data on the basis of consent or following a legal requirement, no further processing beyond what is covered by the original consent, or the provision of the law is possible. Further processing would require obtaining a new consent or a new legal basis.

If data processing rules are breached, the responsibility lies primarily with the organization itself, which must ensure and verify that employees have access only to the information they need to do their work duties. If it can be shown that the organization has provided everything to ensure the proper usage of client personal data, but the employee has not taken account of what has been explained, but in turn has bypassed implemented security measures and used the personal data in their possession for their own private purposes, the employee may be held liable in the event of a breach.

Proper handling of customer data can be achieved by ensuring regular training of the personnel about compliant and consistent approach when processing personal data, as well as putting in place clear and properly communicated policies. Employees need to be notified in a very clear manner about their obligations and if in doubt they should ask for clarification from managers as to the extent of their responsibilities.

DATA PROTECTION BITES

Read all releases »

author

Contact Person Picture

Staņislavs Sviderskis

Assistant Attorney, Certified Data Protection Specialist

Senior Associate

+371 6733 8125

Invia richiesta

RÖDL & PARTNER LATVIA

Discover more about our offices in Latvia.