HR data compliance has become a growing concern for multinational employers as new technologies enter the workplace and legislation at a local and international level becomes more complex — with stricter enforcement and heavier fines for non-compliance.
While commercial data‐related violations may get more attention, HR data‐related violations can be just as damaging to a company's image and brand, employee relations, or bottom line. Employees are often the source of both breaches and complaints and are now, more than ever, sensitized to their privacy rights and expectations.
Baker McKenzie has a unique position in the market as one of the only firms with an employment team who has expertise in advising organizations on the full spectrum of data privacy issues that arise in the workplace. Our significant experience operating at the blurred boundary between employment and data privacy issues means our team is able to provide commercial, concise, cost-effective and cross-jurisdictional advice, which seamlessly brings these connected areas together, including:
We advise on the lawful use of background checks on applicants, artificial intelligence in the selection and recruitment of candidates, use of sensitive data such as ethnicity, sexual orientation and disability as part of the recruitment process, implementation of applicant tracking systems and “do not hire” policies.
Employment policies and procedures
We develop appropriate policies that protect your organization’s legitimate interests, for example on social media, bring your own devices, relationships at work, remote/agile working, drugs, alcohol testing and, more recently, approaches to requiring and/or encouraging vaccinations among the workforce.
Developments in advanced data analytics, artificial intelligence and data capture present new opportunities but also increased risks for employers monitoring their employees’ performance. We advise on the lawful use of monitoring and tracking tools including CCTV, video cameras, biometric data processing, keystroke monitoring, email and internet usage monitoring, wearable tech and temperature testing. We also advise on consultation with employee representative bodies which employee monitoring tools often necessitate.
Compliance and investigations
We advise on the implementation and operation of whistleblowing hotlines, global human resources information systems and databases, and data privacy issues arising from disciplinary, regulatory and criminal investigations involving employees.
Data subject rights
We provide strategic advice, on both a proactive and reactive basis, regarding employee requests relating to their data access rights, including data subject access requests, rights to rectification and erasure (the right to be forgotten) and rights to object to processing.
Inclusion and diversity
We advise on how to lawfully conduct diversity monitoring, positive/affirmative action initiatives and equal pay audits as part of your organization's inclusion and diversity strategy.
We advise on the implementation of robust intra-group and third-party data transfer contracts, as well as on the appropriate legal mechanisms and risks assessments which may be required to justify the transfer of data overseas.
Outsourcings and transactions
We help organizations lawfully transfer information and conduct proportionate reviews as part of due diligence exercises and preparing appropriate clauses in outsourcing and transaction contracts.
Security breaches require immediate action. We can help you implement a comprehensive rapid response plan to minimize your organization's risks and guide you through any regulatory or criminal investigation.
We help you review and manage your core data privacy compliance framework including data privacy policies, data protection impact assessments, privacy notices, data retention policies and legitimate interest assessments.
Training to HR and managers
We can also provide practical training to HR and line management on data protection compliance in an HR context.