Employee Evaluation System may Violate GDPR

In May 2018, the basic data protection regulation (GDPR) came into force. The requirements for data protection have become more stringent for companies. This is not only true for the handling of sensitive customer data. The data a company collects about its employees is also regulated by the GDPR.

Employers have an interest in being able to correctly evaluate the quality and productivity of their employees. Evaluation systems within the company can help to achieve this. However, there is the question of how far these evaluation systems may go and how to handle the collected data.

The online retailer Zalando recently introduced a scoring system for employees using the software “Zonar”. This system allows colleagues and supervisors to evaluate their employees’ performance. These evaluations can have an influence on bonus payments or promotions. According to the company’s information, around 5,000 of the 14,000 employees take part in the scoring system.

The Zalando evaluation system has been criticized in a study by the Hans Böckler Foundation, which works together closely with trade unions. The study found that the use of the evaluation system increases the pressure to perform on employees. The consequences are a deterioration of the working atmosphere, stress and psychological strains. Additionally, there were also concerns related to data protection laws. For example, the processing of data was not transparent enough. In addition, the employees had not been informed about the utilization of the software in accordance with the GDPR.

Zalando rejects the accusations. They state the system complies with GDPR requirements. In addition, they say the study is by no means representative, as only ten employees were interviewed. However, the criticism of the system did not go unheard and has also reached the Berlin privacy officer. Now she wants to check the evaluation system for possible deficiencies with regards to data protection.

If the Berlin privacy officer finds that the system violates data protection, Zalando will have to make corrections. But this does not need to be the end of the story, as a heavy fine is possible, too. GDPR violations are not seen as trivial offence, but they are severely punished. A real estate company and a telecommunications service provider have already realised this, and are expected to pay fines into the millions for GDPR violations. Although the issue here was the handling of customer data, the employee data protection rights need to be given at least as much consideration.