GDPR questions and answers

GDPR: QUESTIONS AND ANSWERS

Category:
Documentation and Procedures

What documents must we prepare to be able to monitor employees' work email?

ANSWER

At minimum:

  • Purposes, scope and manner of monitoring in internal rules/regulations/notice
  • Advance notice of the introduction of monitoring and written information before allowing access to work
  • Marking equipment as subject to monitoring (e.g. a pictogram with monitoring information)
  • GDPR information obligation

From a GDPR perspective, the following may be necessary:

  • DPIA (e.g. report)
  • Balancing test
  • Update to the Record of Processing Activities (ROPA)

It is recommended to implement a comprehensive procedure for access management, control and forwarding. Procedures should specify, for example:

  • purpose, scope and manner of monitoring,
  • rules for using work equipment for private purposes,
  • permitted uses,
  • rules for accessing email,
  • rules on forwarding or notifying about termination of employment and deactivating email,
  • employee rights,
  • rules on archiving, backups and retention,
  • security rules,
  • rules for reviewing procedures,
  • information on employee participation in creating procedures

Read also:

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
Documentation for monitoring work email – a guide | ODO 24 | ODO 24