RGPD
In an increasingly digitalised world, the protection of personal data has become a major concern for companies and employees alike. The application of the General Data Protection Regulation (GDPR) imposes on employers, and more particularly on Directors
Reading time:
7 min
In an increasingly digitalised world, the protection of personal data has become a major concern for companies and employees alike. The application of the General Data Protection Regulation (GDPR) imposes on employers, and more particularly on Human Resources Directors (HRDs), the crucial obligation to provide fair information to employees about the data processing that concerns them. This obligation is not only a matter of legal compliance, but also a question of trust towards employees. Indeed, as the Cour de Cassation emphasised in a landmark ruling in 2018, clear and transparent information is essential to ensure that employees' rights are respected. This article will explore the specific requirements arising from this, while describing the information obligations imposed on HRDs and the key interpretations provided by case law. With a thorough understanding of these information obligations, HRDs will be able to ensure effective compliance and sound management of personal data in the workplace.
If you would like to engage a lawyer specialising in personal data law, contact me!
HRDs face critical challenges regarding the provision of information to employees about the processing of personal data. Indeed, achieving compliance with the General Data Protection Regulation (GDPR) and Law No. 78-17 of 6 January 1978, as amended, imposes specific obligations that companies must observe in order to ensure the protection of their staff's data.
The main information obligations of HRDs include:
This obligation of fair information does not stop at a mere enumeration of obligations, but also entails the need for clear and accessible communication. It is crucial that HRDs ensure that the information provided is comprehensible and conveyed to employees on an ongoing basis, in order to avoid any defect of consent. A CNIL lawyer can assist companies in implementing these obligations.
These requirements of clarity and transparency take on their full meaning at the heart of the European provisions, which aim to strengthen employees' trust. Recognising employees' rights is therefore a fundamental pillar of the GDPR.
Finally, it is essential to point out that compliance is not measured solely through legal obligations, but also shapes the culture of a company that is attentive to respecting its staff's data. HRDs therefore have a strategic role to play in this regard, contributing to the creation of an environment of trust. This dynamic not only reinforces the legal framework, but also fosters a calm and respectful working climate.
Let us now consider how the Cour de Cassation has interpreted the notion of fairness in informing employees, and what implications this has for HRD practices.
Let's discuss your needs for 15 minutes!
The notion of fairness in informing employees is a fundamental concept that has been clarified by the Cour de Cassation through several judicial decisions. This notion entails an obligation to provide information that is not only accurate, but also clear and accessible, enabling employees to make informed decisions regarding their personal data.
According to a major ruling of the Cour de Cassation in 2018, it was emphasised that the information provided to employees must be proportionate to the risk associated with the processing of their data. This approach translates into the following elements:
These elements reinforce the idea that fairly informing employees is not limited to providing minimal information, but entails an active commitment on the part of HRDs to ensure transparency. To this end, the appointment of a Data Protection Officer (DPO) can serve as a point of contact for employees, allowing them to ask questions and obtain clarifications regarding their data.
Case law also insists that HRDs must be proactive in updating the information provided, particularly in the event of changes to processing practices or to the purposes pursued. This dynamic not only ensures compliance with legal obligations, but also helps to establish a climate of trust between the employer and its employees.
Thus, the Cour de Cassation's interpretation with regard to fairness highlights the importance of effective and lasting communication. With this in mind, it is crucial to examine the concrete actions that HRDs can take in order to comply with these regulatory requirements.
I want reliable legal documents!
To ensure effective compliance with the requirements established by the GDPR and the French Data Protection Act, Human Resources Departments (HRDs) must commit to a series of key actions. These actions are aimed not only at meeting information obligations, but also at establishing a climate of trust between the employer and the employees.
Here are the main actions to consider:
These actions should not be regarded as administrative formalities, but as an essential approach to fostering respectful management of employees' personal data. By establishing clear and transparent practices, HRDs can not only avoid sanctions in the event of non-compliance, but also strengthen loyalty and trust within the company.
In short, achieving compliance should not be perceived as a constraint, but rather as an opportunity to improve relationships within the organisation. It is through this dynamic that a genuine data protection culture can truly take shape, thereby ensuring greater respect for employees' rights regarding personal data.
To learn more
Yes. The GDPR requires the employer, and in particular HRDs, to fairly inform employees of the processing of personal data that concerns them. This obligation is both a legal compliance requirement and a question of trust towards employees.
The employer must provide clear and transparent information about the purposes of the processing, the data collected, its retention period and employees' rights. This transparency, required by the GDPR, ensures respect for employees' rights over their personal data.
The Cour de cassation emphasised, in a 2018 ruling, that clear and transparent information is essential to ensure respect for employees' rights. This case law clarifies the requirements weighing on the employer regarding information about data processing.
Beyond legal compliance, fairly informing employees about the use of their data strengthens trust within the company. A lack of transparency may, on the contrary, fuel distrust and expose the employer to challenges regarding the lawfulness of its processing.
Numerous processing activities concern employees: payroll management, working time tracking, monitoring tools, video surveillance, HR data. Each must be the subject of appropriate information, as these processing activities directly affect employees' rights over their personal data.
A failure to fairly inform employees about data processing exposes the employer to a breach of the GDPR, liable to be sanctioned by the CNIL, and undermines the admissibility of certain monitoring measures. Transparency is therefore both an obligation and a protection.
The HRD must map the processing activities concerning employees, draft clear and accessible information, identify the appropriate legal bases and document compliance. A detailed understanding of information obligations makes it possible to secure the management of personal data in the workplace.
A lawyer specialising in personal data law helps HRDs structure the information provided to employees, secure HR processing activities and comply with case law. This support ensures effective compliance and limits the risks associated with data management within the company.
Still have questions?
Our team is available!
Have a question?

Ressources
Aller plus loin