At the beginning of this year the Data Protection Inspectorate published guidelines for using personal data in employment relationships. Based on this, the Inspectorate recently published an additional practical summary version of guidelines for human resource workers processing personal data. The summary version is available in Estonian on the website of the Data Protection Inspectorate. This compact and practical aid should be easy for human resource workers to use in their everyday work.

We hope the guidelines are helpful in solving data protection problems in employment relationships. The recommended rules of the guidelines, based on the Employment Contracts and Personal Data Protection Act, apply to all types of personal data processing of both employees and job applicants.

The guidelines are divided into two, first processing personal data of job applicants (e.g. what data can be gathered, what can be asked at interview, when consent from the applicant is needed for gathering and keeping data), with a second more in depth chapter focusing on processing personal data during employment, including:

1. What type of personal data can be processed without the employee’s consent and for what consent is needed.
2. What regulations apply to the employer for personal data processing under the Personal Data Protection Act, which requires processing to be legitimate, target-oriented, minimal, use restricted, according to principles of data quality, security and individual participation.
3. What information can be asked from the employee about their economic interests and health.
4. How an employer can check employee e-mails and use surveillance equipment.