Search

Pay Transparency Directive and data protection

Haykuhi Gevorgyan

Haykuhi Gevorgyan

Lawyer
  • Reading time: 9 minutes

At first glance, the new EU Pay Transparency Directive appears to be purely a matter of employment law. In practice, however, it proves to be a highly sensitive interplay of employment law, data protection and internal governance. Wherever transparency regarding remuneration structures is to be established, the question of personal data protection arises at the same time.

It is precisely at this intersection that employers face significant legal and operational challenges. We highlight the key issues and outline concrete solutions.

Tip: Read our introduction to the Pay Transparency Directive for employers and HR managers.

How does the Pay Transparency Directive require data to be disclosed?

The Directive (full text) significantly expands existing transparency obligations. Two areas are central to this:

Under Art. 7(1) of the Pay Transparency Directive, employees have the right to receive information about their individual pay level and the average pay level of comparable groups of employees, broken down by gender and by groups performing the same or equivalent work. The Directive does not provide for any restriction based on company size or a minimum size for the comparison group.

The absence of a minimum group size is particularly sensitive from a data protection perspective, as there is a risk, particularly with small comparison groups, that conclusions can be drawn about individual employees, thereby creating the risk of unauthorised disclosure of personal data.

Under Art. 9 of the Pay Transparency Directive, the reporting obligation applies to employers with more than 100 employees:

  • Employers with 250 or more employees must submit a report for the first time by 7 June 2027 and subsequently on an annual basis (Art. 9(1) in conjunction with Art. 9(2) of the Pay Transparency Directive).
  • Employers with between 150 and 249 employees must also submit a report for the first time by 7 June 2027, and thereafter every three years (Art. 9(3) of the Pay Transparency Directive).
  • For employers with between 100 and 149 employees, the reporting obligation begins on 7 June 2031 and must subsequently be fulfilled every three years (Art. 9(4) Pay Transparency Directive).

Furthermore, the Directive allows Member States to extend the reporting obligation to smaller companies. It remains to be seen whether the German legislature will make use of this opt-in clause and lower the threshold to employers with fewer than 100 employees.

The content of the report is significantly more extensive than under current national law. In particular, it covers the gender pay gap, i.e. the difference between the average pay levels of women and men within a company, as well as the median gender pay gap, i.e. the difference based on median pay levels.

Depending on the size of the company and its internal personnel structure, this information may be personally identifiable or at least allow for the re-identification of individual employees.

What are the issues surrounding pay transparency and data protection?

The central tension arises from the conflict of objectives between promoting pay transparency on the one hand and protecting personal data on the other. The processing of personal data in an employment context is subject to the provisions of the General Data Protection Regulation (GDPR) and, in addition, the provisions of the Federal Data Protection Act (BDSG). Where personal data is processed in connection with the employment relationship, this requires a legal basis under data protection law.

It is precisely at this interface that the particular legal sensitivity of the Pay Transparency Directive becomes apparent: Compliance with information and reporting obligations may simultaneously give rise to the risk of unauthorised disclosure of personal data, particularly where it is possible to draw conclusions about the specific salaries of individual employees.

There are already fears that employers will be pulled in opposite directions by competing data protection and transparency obligations.

The Directive attempts to address this tension in Art. 12 of the Pay Transparency Directive. According to this, information provided in the context of the measures under Art. s 7, 9, and 10 of the Pay Transparency Directive, and which involves the processing of personal data, must be provided in accordance with the GDPR.

Please note: However, this only resolves the underlying conflict to a limited extent. In effect, the provision essentially refers to the data protection requirements that are already in force, without resolving the practical conflict of objectives between transparency obligations and data protection in detail. Precisely for this reason, the practical implementation remains legally and operationally challenging for employers.

A problem of particular relevance in practice is the identifiability of individual employees. Particularly in the case of small comparison groups, there is a risk that direct or indirect conclusions about individual persons can be drawn on the basis of disclosed pay information. The Pay Transparency Directive does not stipulate a minimum size for comparison groups to counter this.

Instead, Art. 12(3) of the Pay Transparency Directive allows Member States, in cases where such identification is a risk, to restrict access to the relevant information to employee representatives, labour inspectorates or equality bodies.

The Directive thus largely leaves the specific design of suitable protective mechanisms to the Member States and refrains from setting uniform thresholds to prevent re-identification.

It is currently unclear to what extent the German legislature will make use of this provision.

Art.  12(2) of the Directive makes it clear that personal data processed under Art. s 7, 9, or 10 may be used solely for the purpose of applying the principle of equal pay. This explicitly incorporates the data protection principle of purpose limitation set out in Art.  5(1)(b) of the GDPR and establishes a strict purpose limitation that must be consistently observed in day-to-day working practices.

How can employers ensure data protection under the Pay Transparency Directive?

Early preparation for the implementation of the Directive

Although the implementation deadline for the Pay Transparency Directive is 7 June 2026 and there is currently no concrete draft bill or legislative proposal in sight to amend the German Pay Transparency Act, employers should begin the necessary preparations now. This includes, in particular:

  • Analysis of existing pay structures and systems;
  • Developing procedures for handling requests for information;
  • Training of HR managers and executives.

Designing information procedures in compliance with data protection regulations

When processing requests for information, employers should observe the following principles:

  • Anonymisation and pseudonymisation: Where possible, pay information should be provided in anonymised or pseudonymised form. This is particularly important for small comparison groups in order to minimise the risk of identification.
  • Ensure purpose limitation: Ensure that pay information is used exclusively for the purposes of pay equality checks. Further processing for other purposes is not permitted.

Cooperation with the works council (if applicable)

The works council plays a central role in the implementation of pay transparency obligations in Germany. Employers should:

  • Involve the works council in the preparations at an early stage;
  • Develop joint procedures for handling requests for information;
  • Offer data protection training to works council members as well;
  • Where appropriate, make use of the option to provide information exclusively to the employee representatives in order to minimise identification risks (Art. 12(3) Pay Transparency Directive).

Documentation and transparency

Comprehensive documentation is essential both from a data protection perspective and for demonstrating compliance with transparency obligations:

  • Document all requests for information and how they are handled.
  • Include any new processing activities arising from pay transparency in your record of processing activities.
  • Create standardised templates for requests for information and responses.
  • Document the measures taken to protect personal data.

Technical and organisational measures

To meet data protection requirements regarding pay transparency, the following measures should be taken:

  • Access restrictions: Grant access to pay information only to authorised persons. To this end, implement role-based concepts and authorisation systems.
  • Deletion policies: Develop policies for the regular deletion or anonymisation of pay data that is no longer required.
  • Training: Provide regular training on data protection and pay transparency for all staff who work with pay data.

Communication with employees

Transparent communication helps to avoid misunderstandings and strengthen employees’ trust:

  • Inform the workforce annually about the right of access (Art. 7(3) Pay Transparency Directive).
  • Explain what information can be obtained in response to a request for information in order to avoid misunderstandings or misuse of the right of access.
  • Make it clear what measures are being taken to protect data. In particular, also inform employees about data processing in accordance with Art. 13 of the GDPR.
  • Provide contact persons for questions regarding pay transparency and data protection.

Preparing for reporting obligations

Large companies will face reporting obligations following the implementation of the Directive. To prepare for this, the following should be done:

  • Develop methods for calculating the gender pay gap.
  • Develop data protection-compliant methods for reporting and publication.

How will the German implementation of the Pay Transparency Directive take place?

The German legislature had to (but didn’t manage to) transpose the Pay Transparency Directive into national law by 7 June 2026, which is likely to require a comprehensive amendment to the Pay Transparency Act. It is expected that the German regulations will be designed to be more data protection-friendly than the minimum requirements of the Directive.

Please note: Even though the transposition is delayed, the Directive remains legally relevant: After the transposition deadline has passed, national courts are required to interpret the applicable law in accordance with the Directive. For companies, this may have significant implications in the short term regarding rights to information, equal pay disputes and the assessment of internal remuneration structures.

Conclusion: Pay transparency and data protection can be reconciled

The Pay Transparency Directive and data protection law are not in conflict with one another, but rather complement each other. With careful planning and the implementation of appropriate measures, employers can fulfil both their transparency obligations and their data protection obligations.

The key to success lies in early preparation, close cooperation with employee representatives and the implementation of robust data protection strategies.

Employers who tackle this challenge proactively can not only ensure legal compliance but also contribute to a fair and transparent pay culture, whilst simultaneously strengthening the trust of their employees.

Compliance management system

Build trust with business partners, employees, and customers - through proven compliance in all areas!
This is how it works!

Contact us!

+49 89 919294-900

Full details of how we handle your data can be found in our privacy policy.

Haben Sie die Entgelttransparenz­richtlinie schon umgesetzt?

Online-Training
mit Praxistipps 

10. Juni 2026 (10-12 Uhr)

Jetzt anmelden!

Secure the knowledge of our experts!

Subscribe to our free newsletter:

By clicking on "Subscribe now" you consent to receive our newsletter. We will only use your data in accordance with our privacy policy.