Personal data collection in the world of employment agencies
As a temping agency, you are responsible for the proper handling of personal information. It is important to take great care of the personal data of job candidates and temporary workers. The new privacy legislation tasks you with more responsibilities, grants the involved parties more rights and assigns more power to the national overseer — the DPA or Dutch Data Protection Authority.
In this blog post, we will outline the do’s & don’ts regarding the collection of sensitive personal data according to the GDPR.
Which information may or may not be collected?
Personal data is any information that can be used to identify an individual. The most common are names and address information, but also email addresses and IP addresses are considered personal information. The handling and processing of personal information is a broad concept: collecting, sorting, storing, sending, and destroying are all forms of handling and processing.
From now on, in the case of employment agencies, a temporary worker’s data may only be used to aid the employment and compensation of that flex worker. Any data that is no longer being used must be removed or made anonymous unless it is subject to a legal obligation to retain it.
The ABU, or Dutch Federation of Private Employment Agencies, has listed the following most important principles and legal obligations of the GDPR:
Please note: The do’s and don’ts must always be considered in conjunction with general obligations in regards to privacy.
Do’s:
- When registering a temporary agency worker, you may only collect the information that is necessary for the placement of that worker in a job. Common ones are name, address, contact information, and the relevant job experience, education, and training of the person in the context of their placement.
- Since January 1, 2018, it is also permitted to keep a copy of identity documentation on file for any worker who has not yet been linked to an employer, but who is eligible for placement.
- As long as a registered temp worker is willing to be linked to an employer by the employment agency, the relevant data may be kept on file.
Don’ts:
- You may not record information like the BSN (the Dutch Citizen Service Number), identity card number, nationality, and passport photo individually. One exception is the BSN to verify with the UWV (the Dutch Employee Insurance Agency) whether an individual is listed in the target group registry. The registered worker must be informed of that fact. After the verification process, the BSN must be removed. Passport photos may be processed not only through a copy of an identity document, but also only when the temporary worker has explicitly given consent to do so and has been adequately informed.
- Health information like health conditions, health-related absences, health history, work-limiting disabilities, and other limitations may not be processed. Unless the collection of that data concerns the protection of the vital interests of the person in question.
- When a temporary worker has not been working and has not indicated a wish to be assigned a new position, application data may only be stored for a maximum of four weeks. It is possible to request express permission to store the information for up to a maximum of one year past the initial application. It is advised to regularly ask temporary workers whether they are still interested in being placed.
Safety in processing personal data?
For well over 10 years, DataChecker has focused on checking and processing privacy-sensitive information. Privacy is our expertise. Through various preventative measures, we ensure that data security risks are limited. That’s how we comply with the requirements of ISO and GDPR, among other regulations.