In an ultra-competitive context, the use of new tools—most often computer-based—is an indispensable aspect of sales strategy. Firms use the data that the tools generate to manage different aspects of the business effectively. Of course, this falls within the scope of the various data protection regulations and raises questions about individual rights.

A works council is a group delegated by employees to represent their interests to their employers. In certain European jurisdictions, works councils are mandatory. In France, they are a must if you employ more than eleven persons; and in Germany, the threshold is even lower: five employees .

Depending on in which jurisdiction the works council is based, it can have rights concerning co-determination, consultation and distribution of information within the company. When it comes to individual rights, the works council attempts to secure the economic and social interests of the company and its employees, in particular. With all this in mind: when new tools are introduced, significant issues can arise between management and works councils.

  1. Anticipation: make sure you start consulting the works council well before you launch your new tools. Besides the fact that its procedures tend to be long, keeping the work council involved from an early stage will create a trustful environment. Also, what data to gather must be determined in advance of processing the personal data.
  2. Transparency: be open about the intended use of the new tool and the data that is to be processed. To give works councils proper documentation, like a note of information, is important. Works councils are bound by an obligation of secrecy regarding confidential information.
  3. Clarity: use simple language in documents and presentations given to the works council, as members may not be technical experts.
  4. Respect for procedure: procedures can be long , and you must respect them as part of labour law. Also, you must be compliant with the relevant data protection laws. Depending on what tool will be implemented, the impact can be significant, and a data protection impact assessment may be necessary.
  5. Coordination: in a typical setting, several departments are involved when a new tool is introduced: Management, IT, Security, Legal, Human Resources and the works council. It is imperative to create a good bond between the various stakeholders. Involving an independent third party, such as a global DPO, may be helpful.

If you want to discuss this topic, or anything else data protection and privacy-related, please contact us at