(25 May 2018) The General Data Protection Regulations (GDPR) came into force on 25 May and apply to all organisations in the European Union that handle personal data. Many workers in public services deal with personal data And the entry into force of the new regulations will involve changes to the way they work and uncertainty as to how their employers will implement the new rules. This will be especially the case where employers have not prepared well, posing risks for workers if they wrongly interpret how to handle data or requests for access.
EPSU supports the GDPR and its purpose to bring the Data Protection Act into the 21st century. It seeks to protect people from the inappropriate or unauthorized sharing of their data, particularly where it is for commercial exploitation. It is positive that citizens are getting control over the information others hold on them but it will only work if workers in public services are part of this change. It is for employers to provide staff with clear guidelines, suitable training and awareness, as well as additional support when required. Respect for privacy does require investment in information and communication technologies in public services to accompany this modernization.
The GDPR lacks clear guidelines for the workforce and respecially for those workers involved in the collection and use of data. Workers will be asked to demonstrate that their organisation is complying with the rules. EPSU underlines that employers have to inform employees. Workers need to be informed about their rights and responsibilities as data collectors and processors. And further on their rights as data subjects. We claim the right to be forgotten, and the right to restrict processing and the right to data portability.
With the GDPR come more scrutiny and sanctions. We do not agree that workers can be held personally liable for employers’ failures to ensure that policies are fully compliant with the regulations. For example, what happens when nursing home employee has their laptop stolen It contained sensitive personal details, such as information on residents and employees but was not encrypted as there were no clear instructions, programmes and training. The European Commission, the Member States, National Data Protection Authorities, and individual employers should engage in dialogue with trade unions on how to consistently support and train workers to comply with the new regulation.
- Log in to post comments
