Open access

Human Resources and GDPR Compliance: Lessons from Romanian Data Protection Case Law on Workplace Privacy

  
24 Jul 2025

The General Data Protection Regulation (GDPR) has been in force since May 2018, yet its implementation in employment relationships continues to present compliance challenges. This study examines the intersection of data protection and labor law by analyzing how the Romanian Data Protection Authority (DPA) interprets and enforces GDPR principles in workplace settings. The research is based on an empirical analysis of decisions issued by the Romanian DPA, offering insights into common compliance failures and risk mitigation strategies.

The study identifies two primary categories of GDPR breaches in employment contexts. The first includes direct violations committed by employers, such as unauthorized data collection, failure to ensure transparency, and excessive monitoring through video surveillance or electronic tracking. The second category consists of violations formally attributed to employers but triggered by employee actions, highlighting the importance of internal safeguards and employee training. The research further demonstrates that non-compliance extends beyond employer-led processing to include unauthorized disclosures, misuse of biometric data, and failures in data retention policies.

Findings reveal that many breaches result from the inability of employers to justify legitimate interests, failure to consult employees before implementing monitoring systems, and inadequate security measures. The study underscores the necessity of a structured compliance framework in human resource management, advocating for transparent monitoring policies, strict access controls, and periodic security assessments.

By integrating legal analysis with human resource management principles, this research contributes to the broader discourse on GDPR compliance in employment relations. It highlights the importance of interdisciplinary approaches in shaping data protection strategies and reinforces the need for organizations to adopt risk-based methodologies to mitigate regulatory exposure.