Select your nation of interest

Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
Labour consultants: when they are data processors

Labour consultants: when they are data processors

By Italian Data Protection Authority has specified the role and the responsibility of labour consultants in personal data processing of clients in the light of the General Data Protection Regulation, by identifying them as “data processors” when they process personal data of employees based on the the received tasks. 

By replying to questions submitted by the National Council of labour consultants and by a number of experts, the Data Protection Authority has clarified that the Regulation (UE) 679/2016 is in continuity with all that has already been specified by the Directive 95/46/CE. The Regulation confirms the definitions of data controller and data processor, in which the first is still the subject that “determines the means and the purposes of the personal data processing” and the second is the one which processes “personal data on the behalf of the data controller”. 

And for this reason the labour consultants are “data processors, when they process, in full independence, personal data of their employee or of their clients when they are a natural person, as freelancers by determining means and purposes of the processing”. They are data “processors” when they process personal data of their employees based on the received task, which include also the instructions of the processing that need to be carried out. For example, it is the case for labour consultants which protect on behalf of employers the preparation of pay slips, practices relating to recruitment and termination of employment, or social security and welfare, dealing with a plurality of personal data, including sensitive, workers

It is about information recollected and used by data employers based on the contract, legislations and the regulations (as well as the provisions about work and social assistance), and are managed by labour consultants in which are externalized services based on sectors and relevant ethical rules. 

And it is on the contract of entrustment and appointment of data processors by the client that it is based on the legitimacy of processos realized by consultants. The Data Authority has defined to the labour consultants, as data processors, is recognized a high level of autonomy and responsibility connected also with individuation and predispositions of adequate security measures technical and organizational ones, in order to protected clients from personal data processed.

Source: Garante Privacy

Team Privacy & Data Protection
15 February 2021

Recommended to you

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

6 March, 2025

LATVIAN SUPERVISORY AUTHORITY: A list of processing operations that are not required to be...

6 March, 2025

ICELANDIC SUPERVISORY AUTHORITY: Arion Bank hf.’s processing of personal data for marketing purposes and...

6 March, 2025

GERMAN SUPERVISORY AUTHORITY: BfDI participates in Europe-wide review of the right to erasure

5 March, 2025

DANISH SUPERVISORY AUTHORITY: EDPB launches coordinated action on the right to erasure

5 March, 2025

Vulnerability in Apache Tomcat (AL04/241217/CSIRT-ITA)

4 March, 2025

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

4 March, 2025

CISCO Product Updates (AL01/230112/CSIRT-ITA)

4 March, 2025

Android Security Updates (AL02/250304/CSIRT-ITA)

4 March, 2025

Vulnerability in Progress WhatsUp Gold (AL02/240627/CSIRT-ITA) – Update (AL02/240627/CSIRT-ITA)

4 March, 2025

ManageEngine: vulnerability fixed (AL01/250304/CSIRT-ITA)

4 March, 2025

Mautic: Public PoC for CVE-2024-47051 Exploitation (AL02/250303/CSIRT-ITA)

3 March, 2025

CANADIAN SUPERVISORY AUTHORITY: seeks Federal Court order requiring Pornhub operator to comply with Canadian...

3 March, 2025

Security Updates for Synology Products (AL01/250303/CSIRT-ITA)

3 March, 2025

7-Zip vulnerability fixed (AL02/250122/CSIRT-ITA)

28 February, 2025

Vulnerability in PostgreSQL (AL01/250214/CSIRT-ITA)

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

28 February, 2025

 ITALIAN SUPERVISORY AUTHORITY: a credit rehabilitation company fined for 70 thousand euros

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: Fetus Cemetery: Sanctioned the Municipality of Brescia

28 February, 2025

ITALIAN SUPERVISORY AUTHORITY: ok to telemedicine with more guarantees for personal data

28 February, 2025

Advanced Research