These two institutions might well become a real challenge if not even a show stopper for a project. Both of them want to assume rights and have to fulfill duties which are legally determined to a large extent.
Works Council
In Germany worker participation is based on the “Betriebsverfassungsgesetz (BetrVG)” (Works Constitution Act) and comprises various levels from right of information up to right of decision. Besides the BetrVG usually there are also employer / works council agreements which have to be considered in judging the consequences of a project.
Measures which
- change work procedures
- involve the informational self-determination rights of the employees
(overlapping with data protection official) - bring off modified possibilities of job appraisal
- implement new technologies that may have influence on staffing
may serve as examples for topics that can be at least subject to information and consulting duties of the employer. Whether there is a legit (co)-decision power of the works council has to be assessed in every single case.
Data Protection Official
In Germany the “Bundesdatenschutzgesetz (BDSG)” (Federal Data Protection Law) determines the proper handling of individual-related data. The validity of this law extends to natural persons only. From the company’s point of view these may be suppliers, employees, customers or other persons.
If a project (even slightly) involves elicitation, storage, processing or usage of individual-related data, organizational and technical measures have to be approved by the data protection official.
Examples of measures to be assured by the project:
- Contracts for commissioned data processing with external service providers
- secure networks by means of encryption and authentication
- technical protection of data carriers and route of transportation
- physical and/or logical access protection
