contact Us

Employee Monitoring Policy

1. Purpose and Scope

This policy outlines the conditions under which employee monitoring may occur across all European operations of the organization. It ensures compliance with the General Data Protection Regulation (GDPR), and aligns with national labor laws and data protection authorities (DPAs) in each EU member state, including Italy’s Article 4 Workers’ Statute and CNIL (France), among others.

2. Lawful Basis and Justification

Monitoring may only be conducted where it is necessary to fulfill one or more of the following legitimate business purposes:
- Ensuring employee and workplace safety
- Protecting company assets, systems, and data
- Ensuring compliance with legal, regulatory, and contractual obligations
- Improving operational efficiency and service delivery
Monitoring must be proportionate, targeted, and implemented with the least intrusive methods possible.

3. Types of Monitoring

Monitoring tools may include:
- CCTV surveillance in secure areas (not applicable)
- GPS tracking of company vehicles (not applicable)
- Access logs for buildings and systems (not applicable)
- Monitoring of company email and internet usage (not applicable)
- Time tracking or remote work monitoring tools (limited applicability)
These tools will only be used for the purposes stated and not for personal evaluation unless lawfully justified and approved.

4. Legal Requirements and Approvals

In accordance with local laws:
- In Italy, any monitoring capable of indirectly or directly controlling employee activity requires prior agreement with trade unions or authorization from the Labour Inspectorate (Statuto dei Lavoratori, Article 4).
- In France, prior consultation with employee representatives is required, especially for intrusive monitoring tools.
- All countries require transparency and proportionality under the GDPR.
A Data Protection Impact Assessment (DPIA) will be conducted before implementing any high-risk monitoring system.

5. Transparency and Communication

Employees will be informed in advance of any monitoring measures in place. This includes:
- The purpose of monitoring
- The nature and extent of data being collected
- Who will have access to the data
- How long the data will be retained
- Their rights under the GDPR and national law

6. Data Access, Security, and Retention

Monitoring data will be:
- Accessed only by authorised personnel on a need-to-know basis
- Secured using appropriate technical and organisational measures
- Retained for a limited period, as defined in the Data Retention Policy, and deleted when no longer necessary

7. Employee Rights

Employees have the right to:
- Be informed about monitoring
- Request access to their personal data
- Request rectification or deletion of inaccurate or unlawfully held data
- Object to processing under certain circumstances
- Lodge a complaint with the relevant Data Protection Authority

8. Enforcement and Review

This policy is enforceable by the organisation’s Human Resources department and/or Data Protection Officer. It will be reviewed annually or in response to significant regulatory or operational changes.

This document was last updated 24th April 2025

Built on the work of so many who have gone before, this resource is brought to you by the AUC Ministerial Association for the glory of God and the expansion of the Kingdom. Image credits: Adobe Stock and iStockphoto.com
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram