Since the start of the Corona crisis, one thing has become apparent in Germany: The country is not as digital as its citizens have previously assumed. Be it the hopelessly overloaded online learning platforms of schools, universities and other teaching institutions or the sometimes difficult measures for working from the home office. Many employers recognized the situation early on and, if possible, let their employees work from the home office, which has made a major contribution to reducing the risk of infection. However, the practical implementation did not always go smoothly and in many companies it has been shown that both the technical standard and digital knowledge for location-independent work urgently need to be modernized.
Corona does not override the GDPR
The pandemic has created a lot of uncertainty and doubt in recent months. From complete ignorance in the early days to excessive and thoughtless short-circuit reactions, everything was there. This is a difficult time not only for employees, but also for HR departments and management. The way to the home office was a good and sensible measure, but it was not a matter of acting mindlessly.
The General Data Protection Regulation, which has been in force since May 2018, did not automatically lose its importance due to Corona, which means that it still has a direct impact on the handling of data in the home office. Legal requirements must continue to be complied with and implemented.
Telephone numbers, e-mail addresses, bank details, personal details or company information – many employees need all these details in order to go about their work. However, this data is something that needs to be protected and for this reason should not even reach your personal computer at home. Contrary to the concerns of many employers that working from home could lead to a reduced work ethic, something completely different emerged during this difficult time: The commitment to good work performance is also there in the home office, but unfortunately the technical framework in a majority of German companies does not play well .
Create connection – maintain security
In order to be able to act efficiently and in compliance with data protection regulations in the home office, it is the task of the management to take appropriate measures or to commission a corresponding system set-up. Ideally, employees only work from home with company laptops that are configured according to company and security requirements. Typically, these devices clearly define which applications are allowed to run, what access rules look like and which security precautions must be in place.
EXTRA: 5 tips on how to work safely in the home office [+ checklist]
Solution: Virtual Private Networks (VPN)
It is therefore recommended that employees dial into the company network via encrypted virtual private networks, or VPNs for short, that are protected from access by unauthorized third parties. VPN networks are a safe and easy option for accessing data regardless of location. Via these connections, employees can securely dial into the company network from home and thus access the company server and thus access the required applications or data. This allows them to go about their work and do not have to save any data, information or contacts locally on a computer, which significantly reduces the dangers in data management.
At the same time, it enables all employees, regardless of where they are, to access the data and applications. Since the beginning of the pandemic, companies that have already given their employees flexibility in choosing their place of work in the past have benefited. Likewise, those that make company laptops available as standard, which employees use to access company data and applications and which are connected to the central server. Here, everyday work could be easily adapted to the requirements of fighting pandemics, as the technical infrastructure was already in place.
In such cases, setting up a VPN is quick and easy: A VPN client is installed on the employee’s laptop, which then dials into the company’s VPN network. It is more difficult for companies that need the presence of their employees at machines, systems or positions on site to control systems, production or the like. Working from home is not an option here.
Digital communication tools: GDPR-compliant?
Digital communication tools such as Office 365, Skype, Slack, video or telephone conferences saw an extreme upswing during the crisis and are now well accepted by even the otherwise self-confessed digital grouch because of their regular use. But here, too, there are tools that are GDPR-compliant and those that are not:
- The video conferencing solution Zoom, which is now very popular in the business environment, should be treated with caution in terms of data security. The solution is hosted in the USA and therefore all video calls run via servers there, which is not GDPR-compliant for personal data.
- Other video conferencing solutions such as Skype or Google Hangouts should only be used after consulting the company’s own data protection officer, because a client must be installed to use them, which automatically requests access to sensitive data. This is also not GDPR compliant.
- Better: Open source-based video call solutions such as BigBlueButton or Jitsi. They are hosted directly on a server in the company or by the managed service provider and can be started without client software – that is, simply in the browser.
Overall, however, it has also been shown here that the technology used in companies often lags far behind the standard. Computers without a webcam, ancient computers that do not support modern programs sufficiently or not at all, have driven many employees or their communication partners insane in the last few weeks. Such programs do not necessarily have to be installed on the employees’ computers. Use in a cloud is ideal here.
EXTRA: Data protection at home: There are pitfalls lurking here in the home office
Solution: Professional maintenance of computers and servers
The programs run on high-performance server hardware, with which you can simply add more computing power (CPU) if necessary. Video conference tools such as BigBlueButton or the open source conference tool Jitsi in particular require a lot of hardware resources for trouble-free performance. In addition, the professional maintenance of company computers and servers is particularly crucial for the productivity of the entire company:
Patches, program updates and regular updates of operating systems and computers are important to ensure performance and security. Anyone who employs an expert in the background prevents collective aging of the entire infrastructure, which would be expensive in the sum of an overhaul.
Instead, service providers help maintain individual devices or replace them if necessary. The establishment and development of infrastructures is also much more specific and needs-based with the help of a personal contact person. In this way, they precisely determine the performance requirements and resource requirements for the applications so that the systems can deal with load peaks without problems, even with applications from the home office. Nevertheless, these solutions remain extremely scalable and can be quickly adapted to new requirements if necessary. As a result, customers only pay for what they really need and use.
Conclusion: crisis as a digital opportunity
The crisis has shown how important a home office can be to ensure the survival of a company, and how beneficial a modern and high-performance IT infrastructure can be. For entrepreneurs, this should be an incentive to keep existing structures up-to-date and to adopt new digital paths and processes for themselves and for employees at an early stage, in order to avoid little time due to technical problems or lengthy introductions of employees to programs or systems if necessary.