IAPP CIPP-E Question Answer
What monitoring may lawfully be performed within the scope of Gentle Hedgehog's business?
A. Everything offered by Sauron Eye's software in relation to activity by sales team contractors.
B. Everything offered by Sauron Eye's software, assuming employees provide daily consent to the monitoring.
C. Only emails, website browsing history, and camera for internal video calls conducted in a non-secure environment.
D. Only emails, website browsing history, and camera for internal video calls that are expressly marked as monitored.
Under GDPR and EU employment law, employee monitoring must comply with the principles of necessity, proportionality, legitimacy, and transparency.
Legal requirements for employee monitoring:
Necessity: Employers must demonstrate that monitoring is necessary for a legitimate purpose.
Proportionality: The monitoring must be the least intrusive method available.
Transparency: Employees must be fully informed about what is being monitored.
Why is D the correct answer?
GDPR requires that monitoring be explicitly communicated and justified.
Employers can monitor work emails, browsing history, and video calls, but only if employees are clearly informed and the purpose is justified.
Why are other answers incorrect?
A (Monitoring all contractor activity) → Contractors have data protection rights too; monitoring must still be necessary and proportionate.
B (Daily consent requirement) → Employee consent is not valid under GDPR in most cases due to power imbalance.
C (Monitoring in non-secure environments only) → The location does not determine the lawfulness of monitoring.
Conclusion: The correct answer is D, as only explicitly marked and justified monitoring is lawful under GDPR.
TESTED 07 Jul 2025