Compliance
Cloud means freedom and co-determination.
From data processing to company agreements,
we adapt processes and agreements to the cloud age and ensure clarity.
Company agreement as a set of cloud rules
If companies decide in favor of the cloud, the topics of data processing, data protection and co-determination take on a new significance. Processes and agreements must be adapted to the cloud age.
This includes data protection agreements with customers as well as agreements with the works council.
Issues such as behavioral and performance monitoring for employers and employees must be regulated to prevent data misuse.
When drawing up the works agreement, the employer and the works council can learn from each other and work together constructively. Mutual trust is essential here.
"The desire for freedom and self-determination
often pairs with the need for guidance,
on how to manage that freedom."
Why protect?
LEGAL BASIS
- § Section 87 BetrVG: mandatory co-determination rights - performance and behavior monitoring
- § 80 BetrVG: General tasks -. Compliance with legal provisions such as DSGVO and BDSG
- § Section 90 BetrVG: Information rights of the works council
- § Section 26 BDSG: Data processing for purposes of the employment relationship
- Art. 88 GDPR Data processing in the employee context
Protect what?
CO-DETERMINATION ISSUES
- Order of the enterprise, employee behavior
- IT systems, technical control devices, behavior and performance control
- Working hours and workplace design
- Group work, collaboration, independent work
How to protect?
IN THE OPERATING AGREEMENT
- Preamble, regulatory purpose
- Scope & applicability
- Definitions
- Procedure of the introduction & essential functions / terms of use of the application
- Data protection & purpose limitation of the processing of personal data
- Logging and purpose limitation of the log files
- Information, deletion, handling of sensitive data, etc.
- Employee self-management
- Performance/behavioral monitoring, reports & analysis options
- IT security measures, such as authorization and deletion concept
- Training concept with training measures for employees/works council
- Consequences of non-compliance with the BV
- Prohibition of utilization, sanctions, final provisions
Operational co-determination
The four main areas.
Data protection and data security
Do data processing and data storage (end to end) of the services meet the security requirements?
Microsoft ensures data security
+ Annual investment of more than USD 1 billion for cybersecurity
+ over 3500 specialists secure data centers and fight IT attacks
IT systems, performance and behavior control
Are the services used DSGVO compliant?
Microsoft assures that the data remains private and under its own control
+ GDPR is applied uniformly worldwide
+ Implementation of data protection features within the 'Microsoft Security Development Lifecycle'.
Operating rules, control employee behavior
Can the applications be used within the legal framework of the company?
Microsoft manages the data according to local legislation
+ Applications cover the largest number of policies in the software industry
+ Experience in dealing with complex regulatory issues is shared with clients
Information, transparency, training
Do data processing and data storage (end to end) of the services meet the security requirements?
Microsoft is transparent about data collection and use
+ different storage location ("geos") for data storage
+ Disclosure of the handling of customer data
Implementation
Steps to the successful implementation of a company agreement.
Creation of an application and procedure directory
- Inventory
- Documentation
- Basis for the information of the works council
Information of the works council
- Documents & Screenshots
- Training offers on technical and legal topics
Identification of topics subject to co-determination
In coordination with the works council
Draft, design and negotiation of a company agreement
- Basis for detailed coordination with the works council
- Consensual meetings and negotiations with the works council
