RSS Feed


More Articles: Latest Popular Archives

Leave, absence and GDPR – what you need to know

Neil McKeever

Leave management, i.e. the administration of annual leave, special leave, sick leave, recuperation of overtime etc., is a routine part of the daily work of Human Resources (HR) departments in EU institutions and bodies. Contributor Neil Mckeever –

This work includes the collection and processing of personal data (also known as personal information) of staff and sometimes of members of their family. These procedures may relate to the processing of health-related information (sensitive data) and are necessary to establish, for instance, whether sick leave is justified or whether a member of staff is entitled to maternity leave.

However, since special leave (for moving, marriage, death of family member, sickness of a child, voting, etc.) must be justified by providing supporting documents, other kinds of personal information may also be involved. Medical certificates, death certificates and information related to medical tests, sickness and accident insurance are also likely to be collected and processed.

What are the main data protection issues?

Data quality
It is important not to process more personal data than necessary. How? By only collecting relevant – and not more information than necessary – in the first place. In addition, medical certificates and other medical data (referrals from doctors, medical examination reports, laboratory tests, etc.) should be handled only by the medical service of the institution – not by the HR department. The latter should only receive the administrative data necessary to process the sick leave (for example the number of days of sick leave).

Right of information
Staff members must be informed about their rights and for what purposes their information is processed. Such information must be specifically communicated to staff members when a new procedure is being introduced and made permanently available (for example via the intranet of the organisation). This ensures that staff members have access to the information at all times.

Right of access
Staff members should be allowed to access their leave-related information to be able to verify whether it is accurate and to have it corrected if it is not. They must be informed about how they can do so.

Retention period
Organisations must make sure that information relating to leave management is not kept on their files for longer than necessary. Clear retention periods must be established. These can vary in accordance with the type of leave concerned.

Data security
Given the sensitivity of the processing of health-related data, all HR staff dealing with leave request procedures should sign a specific confidentiality declaration and they should be reminded of their confidentiality obligations regularly.

Receive more HR related news and content with our monthly Enewsletter (Ebrief)