The Corona crisis is turning most people’s everyday work upside down. In order to contain the pandemic, numerous companies are hastily sending their employees to the home office, which has been mentioned so often – although not every company is up to date with the latest digital status and the corresponding changeover is accompanied by challenges that cannot always be overcome quickly and easily. Even if the current extraordinary situation requires quick action and unusual measures, there are still some rules to be followed. After all, no company wants to be easy prey for hackers in addition to the economic challenges. Therefore, certain measures should continue to be followed in terms of data protection.
Not at home without a head
First of all, when it comes to data protection, entrepreneurs need to determine whether their employees are working with personal data or not. However, this applies to almost every workplace, since personal or person-related data not only include names, but also, for example, IP addresses, telephone numbers, e-mail addresses, account details or personnel numbers. Particularly when a company works as a processor, i.e. as an external service provider, and processes personal data from other companies in accordance with instructions, it is particularly important to pay attention to data protection.
In case of doubt, the employer is obliged to ensure the technical and organizational measures for data protection: in the case of home office, for example, by visiting the workplace, for which the works council, occupational safety inspectors or professional association bodies can be called in. But even if these visits are not currently being held to the extent necessary, companies should at least encourage their employees to follow certain measures.
Immediate action to protect your data
1. Encrypt and lock
First of all, the study should be lockable and documents should be kept in a lockable cupboard. Laptops, PCs and external data carriers such as USB sticks must also be encrypted or locked. The electronic company network should also only be accessible to employees via a secure password, just as communication by e-mail should only take place via the company’s server and thus encrypted. To ensure the security of the network outside of the office, it is advisable to use virtual private networks, so-called VPNs.
2. Cell phone at work
When using the company cell phone, employees should avoid messenger services such as WhatsApp, which are not considered data protection compliant according to the GDPR. Other apps or SMS offer alternatives for companies. Normally, employees should by no means use the same devices that are available for private use. However, if there is no other option, it must be determined to what extent the device is used.
EXTRA: 5 tips on how to work safely in the home office [+ checklist]
Meetings are now almost exclusively carried out via video conference. Webinars are also an alternative to face-to-face training. Finally, even or even especially in the current situation, entrepreneurs should continue to sensitize their employees to data protection. However, when choosing video conferencing software, companies must be aware of possible data protection risks and not carelessly choose any provider.
Work conscientiously even without penalties
Due to the current situation, working in the home office can be justified, even if the conventional requirements cannot always be met. Nevertheless, the level of data protection in this case must be ensured with alternative technical and organizational measures:
According to the GDPR, companies must act appropriately for the circumstances and the risk.
These circumstances are admittedly exceptional at the moment. However, managers and employees must adhere to security measures, especially in their own interest – to protect employees and company information. For entrepreneurs, it is therefore important to make regulations on how employees have to work in the home office and, ideally, to document these in a guideline and to make them known to the employees.