Recommendations
Categories of personal data are precisely defined for every record separately. The practice however shows that employer collects and keeps copy of the ID card of the employees in several records and this is considered as a processing with no legal base and it is not in compliance with the personal data protection principles.
Although part of the personal data can be optionally collected, such as ethnic origin which is personal data that should be optionally collected (upon consent of the employee), the law does not stipulate precisely if the right to consent is guaranteed right.
Records on employed workers and Records on salaries are kept permanently but for the rest of the Records containing personal data a connection to the Law on Archives should be done.
The obligation for the employer to adopt and implement documentation for technical and organizational measures for secrecy and protection of personal data is also one of the needed modifications of this law especially for authorization of the access to employee’s data by the employer.