We want to monitor employee activity, what about works council and CLA?
Staff monitoring lives under GDPR, labour law and works-council rules. WOR article 27 requires works-council consent for personnel-tracking arrangements. A DPIA up front is practical standard.
Try this first
- 1Define purpose and means. Productivity, security or fraud detection, and what minimal means achieves it? That purpose lands in policy and privacy notice.
- 2Run a DPIA. Employee monitoring is structural and large-scale by definition, so risks to subjects must be assessed.
- 3Get works-council consent under WOR article 27 for the personnel-tracking system. No consent, no rollout.
- 4Check the CLA. Some collective agreements add requirements or ban specific monitoring; read them or ask your employer's organisation.
- 5Communicate to staff. A staff regulation with clear wording on what is monitored, why, and what rights employees have belongs in the package.
When to bring us in
Targeted monitoring of an individual employee (suspected fraud, for example) needs legal advice and evidence strategy up front.
See also
- Does NIS2 apply to my company?Two questions decide it: are you in a listed sector, and do you meet the threshold from Recommendation 2003/361/EC (more than 50 FTE and more than EUR 10M turnover or balance sheet). Below that you are only indirectly in scope, via your customers. The threshold determines whether you are an important or essential entity depending on sector.
- What changes with the Dutch Cyber Security Act?The Cyberbeveiligingswet is the Dutch implementation of NIS2. Track NCSC for the exact effective date and the lower regulations.
- Am I personally liable as a director under NIS2?Yes. The board is accountable for approving and overseeing the cyber measures. Severe negligence can become personal.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.