In its 31st annual report, the Saarland State Commissioner for Data Protection and Freedom of Information addressed the issue of purpose limitation in the processing of personal data of external company employees processing also in work control.
Temporary employment processing also in work control
There are now many companies that utilize the temporary employment model, ireland business fax list employing external contractors for a limited period of time within their own company. However, some differences must be consider when processing the personal data of external contractors.. The purpose of this registration was to enable the identification and evacuation of all persons on the premises in the event of an emergency. The purpose of this data collection was also contractually agreed upon between the user and the lender. The company retained the collect data for more than six months. For accounting purposes, the contractor’s employees were also requir to keep so-called construction diaries, which record their working hours.
Purpose limitation of data processing
The principle of purpose limitation of data processing, stipulated in Art. 5 (1) (b) GDPR, requires that personal data be collect only for predetermin, if you want to be successful and legitimate purposes and further processonly for those purposes. Since the collection of data at the gate, as describ above, was intend solely to determine. The presence of persons on the premises in an emergency, the data could only be used for that purpose.
Storage period
Because this data was stor by. The hirer’s company for more than six months, marketing list the a further data protection violation. According to Art. determine presence in an emergency, the supervisory authority considered that storing the data for 24 hours was sufficient. For a possible evacuation of the premises, the previous day’s data would no longer be necessary. The data should therefore be deleted after one day at the latest.
The Saarland State Commissioner for Data Protection and Freedom the company not to transmit any data to the lender if there is no necessary legal basis for the data transmission.
