A shareholder in a limited liability company requested transmission of employees' personal data (name and surname and type of contract) in order to exercise ownership supervision over the company. The CEO refused to provide the data and indicated that disclosure of such data would violate the GDPR, citing a distinction between persons holding management functions and other employees.

ANSWER

Article 212 of the Commercial Companies Code provides that the right of inspection is vested in every shareholder. For this purpose, a shareholder or a shareholder together with a person authorised by them may at any time inspect the company's books and documents, draw up a balance sheet for their own use or request explanations from the management board. This means that a shareholder in a limited liability company has the right to inspect the company's documents.

Within such competences, the right to inspect the list of employees and the type of contract will also fall. The GDPR provisions do not provide for any exclusion in this respect, nor are they in conflict with the shareholder's statutory entitlement. There is no provision of law within the Regulation that would prevent inspection of such documents. Invoking the GDPR with reference to a division between persons holding management functions and others is therefore not justified.