Regolament Ġenerali dwar il-Protezzjoni tad-Data
The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 440) regulate the processing of personal data whether held electronically or in manual form. The Department of Industrial and Employment Relations is set to fully comply with the Data Protection Principles as set out in such data protection legislation.
Purposes for collecting data
The Department of Industrial and Employment Relations collects and processes information to carry out its obligations in accordance with present legislation. All data is collected and processed in accordance with Data Protection Legislation and the Employment and Industrial Relations Act and its subsidiary legislations.
Recipients of data
Personal Information is accessed by the employees who are assigned to carry out the functions of the Department of Industrial and Employment Relations. Personal Data will be disclosed to the Data Protection Officer. Disclosure can also be made to third parties but only as authorized by law.
Your rights
You are entitled to know, free of charge, what type of information the Department of Industrial and Employment Relations holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what the Unit is doing to comply with data protection legislation.
The Data Protection Act, the GDPR, and any other related legislation, establish a formal procedure for dealing with data subject access requests. All data subjects have the right to access any personal information kept about them by the Department of Industrial and Employment Relations, either on computer or in manual files. Requests for access to personal information by data subjects are to be made in writing and posted to the Data Controller of the Department of Industrial and Employment Relations. Your identification details, such as ID number, name and surname and address are to be submitted with the request. In case we encounter identification difficulties, you may be required to present an identification document.
The Department of Industrial and Employment Relations aims to comply as quickly as possible with requests to access personal information whilst ensuring that it is provided within a reasonable timeframe; not later than one month from the receipt of such request, unless there is good reason for delay. When a request for access cannot be met within a reasonable timeframe, the reason will be explained in writing to the data subject who is making the request. Should there be any data breaches, the data subject will be informed accordingly.
All data subjects have the right to request that their information is amended, erased or not used in the event that the data results to be incorrect.
In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.
The Data Controller is the Director General, Employment and Industrial Relations who may be contacted at:
Address: 109,121 Melita Street, Valletta, VLT1121
Telephone: 23975208
Email: [email protected]
The Data Protection Officer may be contacted at:
Address: 109,121 Melita Street, Valletta, VLT1121
Telephone: 23975168
Email: [email protected]
The Information and Data Protection Commissioner
Address: The Information and Data Protection Commissioner may be contacted at:
Level 2, Airways House,
High Street,
Sliema SLM 1549
Telephone: 23287100
SCOPE
1. This Policy is aimed at regulating the retention, maintenance and disposal of documentation, both personal and other, within the Department of Industrial and Employment Relations, as provided for in the Employment and Industrial Relations Act and its Subsidiary legislations, and in consonance with the principles of data protection legislation, and other legal provisions in Maltese Law.
BACKGROUND
2. The GDPR puts forward the principle that personal data and sensitive personal data should not be retained for periods that are longer than necessary. In this context, the Department of Industrial and Employment Relations will be putting forward a retention policy for all data and documentation that it collects and processes, with the purpose of ensuring compliance to the Regulation and to ensure that no resources are utilised in the processing and archiving of data which is no longer of relevance.
OBJECTIVES
3. This policy aims to achieve the following objectives:
a. Regulate the retention of and disposal of the various types of documentation whether held in manual or automated filing systems within the Department of Industrial and Employment Relations, while adhering to the Data Protection principle that personal data should not be retained for a longer period than necessary;
b. Dispose of unnecessary documentation that is no longer relevant and is taking up useful storage space;
c. Promote the digitisation of documentation as may be reasonably possible in order to minimize the use of storage space required to store the required documentation, as well as to promote a sustainable use of paper and printing consumables.
ADMINISTRATION
4. Documentation is held and recorded by the Registry and Administration sections within the department. This Policy is therefore applicable to all such documentation. It will be the responsibility of the relevant the Department of Industrial and Employment Relations and its Data Controller to ensure that all provisions of this Policy are adhered to. In the case of any issues with personal data, the final decision rests with the the Department of Industrial and Employment Relations’ Data Protection Controller and Data Protection Officer for endorsement.
DOCUMENTATION HELD WITHIN THE DEPARTMENT OF INDUSTRIAL AND EMPLOYMENT RELATIONS
5. As part of its operating requirements the Department of Industrial and Employment Relations, requests, keeps and maintains a wide range of documentation which may include personal data. The various types of documentation utilised by the Department of Industrial and Employment Relations may be categorised as follows:
HR And Administrations:
a. Personal Data of DIER employees;
b. Attendance and absence records;
c. Discipline related Records;
d. Financial records including payslips, tax and national insurance contributions, procurement documentation, etc.;
e. Medical records;
f. Other related records
Collective Agreements:
a. Details of Employer and Union that negotiated the agreement;
b. Employment conditions of the Employees the agreement covers
Employment Agencies:
a. Personal Data of the competent person;
b. Details relating to the type of activities of each agency
Employment Status:
a. Personal Data of the two parties to the exemption request
Posted Workers:
a. Personal Data of workers being posted;
b. Conditions of work of these employees (salaries, bonuses and allowances);
c. Details of posting company and contact person within the company
d. Duration of posting period;
e. Other relevant details
Termination Files Cases:
a. Cases that are solved at DIER
b. Cases that are solved at Court
Inspection Files Cases:
a. Cases that are solved at Court
Union Registration:
a. Personal Data President and Secretary of the Union/Association;
b. Statutes of the Union/Association;
c. Other relevant details.
Young Persons:
a. Personal Data of the young person, guardian and employer;
b. Employment conditions.
Dossier Files (Company Files)
Affidavit Records
Trade Dispute Files
Industrial Tribunal Files
Fines Permits
Banking of Hours Permits
Trade Unions Verification Files
Public Contracts Files
Warnings received by DIER
Generic Emails
Miscellaneous Files – Inspectorate and Termination Files
SECURITY OF DOCUMENTATION
6. Documentation is maintained in an accessible but secure location with adequate access provided to officials who have the clearance level to access the relevant documentation. In the case of documents with sensitive personal data with higher clearance levels, access control protocols are fully adhered to, to ensure that only those that have the required security clearance can access to such documentation.
7. In the case of personal data, the GDPR also stipulates that only those required to process personal data should have access to personal records.
8. Personnel who are found to be in breach of these security protocols, and thus in breach of the GDPR, will be subject to disciplinary action.
MANUAL VS ELECTRONIC RECORDS
9. In terms of retention periods, it needs to be pointed out that the same retention period will apply for both electronic and manual data.
EXEMPTIONS
– Registration of Trade Unions – chapter 452 legislation
– Employment Agency – S.L 343.24
RETENTION PERIOD
10. Retention of different categories of documents is governed by different requirements and different legislation and regulations. The following schedule outlines the retention requirements for the various categories of documentation within the Department of Industrial and Employment Relations.
Category | Retention Period |
|
|
HR and Administration |
|
|
|
Personal Information |
|
Employee Personal File | Retention period will follow PSD regulations |
Application forms for enlistment, calls, positions etc | Retention period will follow PSD regulations |
Application Forms for the filling of positions co-financed from EU Funds | Retention period will follow PSD regulations |
Applications for training opportunities | Retention period will follow PSD regulations |
Training Courses provided | Retention period will follow PSD regulations |
|
|
Attendance and Absence Records |
|
Attendance Sheets | Retention period will follow PSD regulations |
Vacation Leave Application Forms | Retention period will follow PSD regulations |
Yearly Leave balances | Retention period will follow PSD regulations |
|
|
Disciplinary records |
|
Admonishments | Retention period will follow PSD regulations |
Disciplinary Charges | Retention period will follow PSD regulations |
|
|
Medical Records |
|
Sick Leave Certificates | Retention period will follow PSD regulations |
Sick Leave Records | Retention period will follow PSD regulations |
Medical History | Retention period will follow PSD regulations |
Medical Referrals | Retention period will follow PSD regulations |
|
|
Financial Documentation |
|
Tax and National Insurance Records | Retention period will be for 10 years |
Procurement Records | Retention period will be for 10 years |
Accounting Records | Retention period will be for 10 years |
Inventory Records | Retention period will be for 10 years |
Yearly Financial Statements | Retention period will be for 10 years |
|
|
Termination Cases |
|
Cases that are solved at DIER | Physical and Electronic file will be retained for 5 years from the date the case is solved |
Cases that are solved at Court | Physical and Electronic file will be retained for 5 years from the date the case is solved |
|
|
Collective Agreements |
|
| Physical and Electronic file will be retained for 8 years from the date the collective agreement expires |
|
|
Inspection Files Cases |
|
Cases that are solved at Court | Physical and Electronic file will be retained for 5 years from the date the case is solved |
|
|
Public Contracts Files | Physical and Electronic files will be retained for a period of 5 years from date the case is solved |
|
|
Dossier Files (Company Files) | Companies that no longer exist will be deleted from the Department’s system. |
| Physical and Electronic files will only be retained for a period of 10 years |
Employment Status |
|
Personal Data of the two parties to the exemption request | The details containing the name, ID, contact details will be retained for a period of 10 years |
|
|
Posted Workers |
|
Personal Data of workers being posted | The details containing the name, ID, contact details and duration of posting period will be retained for a period of 5 years from the first approval |
|
|
Affidavits | Retention period will be 5 years from date of Affidavit |
|
|
Trade Dispute Files | Retention period will be 8 years from the date of the last meeting held at the Department or correspondence |
|
|
Industrial Tribunal Files | Retention period will be 10 years from date of court sentence |
|
|
Warnings | Retention period will be 3 years from date of receipt |
|
|
Generic Emails | Retention period will be 8 years from date of receipt |
|
|
Fines Approval | Retention period will be 5 years from date of issue |
|
|
Banking of Hours | Retention period will be 5 years from date of issue |
|
|
Young Persons | The details containing the name, ID, contact details will be retained for a period of 10 years from date of approval |
|
|
Miscellaneous Files | Retention period will be 8 years from date of receipt |
|
|
Trade Unions Verification Files | Retention period will be 8 years from date the verification report is issued |
CONCLUSION
This retention policy aims to achieve a good working balance between the retention of useful and meaningful information in line with the provisions of the relevant legislation and the disposal of data which is no longer required and is being archived unnecessarily. Data that needs to be destroyed after the noted timeframes will be disposed of in an efficient manner to ensure that such information will no longer be available within the Department of Industrial and Employment Relations. Data Protection Controllers, Heads, and DPOs are aware of the noted retention periods and will instruct all relevant personnel to follow the indicated procedures accordingly.
It is to be noted that anonymised or statistical data do not fall within the parameters of this Retention Policy, since they do not constitute identifying personal data.