Recommendations
According the Law on Safety and Health at Work, Law on Labor Relations, Law on Labor Relations Records and Law on Employment and Insurance against Unemployment, the scope of personal data processed is in compliance with the purpose of the collection and their maintenance is in line with the law. What is missing is definition of the manner on which the health institutions give the data to the employer. The practice shows that the General report from the medical examinations of employees is not always separated from the medical data inside.
Precise definition of the keeping period is needed. Connection with the Law on Labor Relations has to be done.
Separate part for personal data protection has to be added.