DataGuard · 2020. 3. 26.


Post on 22-Jan-2021


Privacy & Working From Home

Pragmatic recommendations for telecommuting


INFORMATION

THE CURRENT SITUATION

The current pandemic caused by COVID-19 is keeping the state, companies and citizens on their toes. At the moment, data privacy is not a priority. It is evident that the majority of Germans are willing to compromise on data privacy measures as much as is necessary to contain the pandemic.

One of the most common measures taken to help contain the spread of COVID-19 is working from home. However, it is important to continue operating in a privacy-friendly manner whilst remaining pragmatic when telecommuting.

The following are measures that the team of specialists at DataGuard recommends in managing and executing work from home in a privacy-friendly way. If you have any further questions on this topic, feel free to contact us.

OUR RECOMMENDATIONS

Employers should set up an agreement with their employees on the terms of telecommuting before they start working from home. If necessary, this agreement may exist alongside their applicable employment contract. The agreement should explicitly state that compliance with the applicable technical and organisational measures of working from home is necessary.

Ideally, the company would have a policy that addresses the following points:

- The employer’s responsibilities concerning telecommuting

- Insurance/liability for accidents resulting from or connected to work

- Coverage of expenses

- Provisioning of work equipment

- Commitment to data privacy/secrecy

The obligation to inform in accordance with Articles 13 & 14 GDPR should be reviewed and updated where necessary and communicated to all parties concerned.

A confidentiality agreement should be entered into with roommates/members of the household if it is not possible to have a separate work area.

A risk assessment of the workplace (according to §5 of the Occupational Safety and Health Act) should be carried out.

Possible data privacy issues must be reported immediately to the relevant persons.


Technical Dos & Don’ts

The use of company-provided IT infrastructure for purposes other than work should be prohibited, with compliance checked at random

The use of private hardware/software for work should be prohibited

Activate automatic screen-lock after a maximum of ten minutes of inactivity

All operating systems should be protected with a secure password

Two-factor authentication should be implemented

The provided telecommunication infrastructure should be used

Data transfers, such as e-mails, should be encrypted using SSL/TLS

Use a VPN to connect to the company network

If possible, employees should not connect to the Internet via a private Wi-Fi network, but via a LAN cable


Organisational Dos & Don’ts

Adhere to the instructions of the employer regarding telecommuting

Prepare a suitable workstation. The following should be considered:

- A room designated for work (e.g. a study)

- Set up and test the stability of the infrastructure (e.g. power, internet connection, mobile phone reception, etc.)

- Ergonomic seating & workstation (e.g. a desk & appropriate chair)

- Agree to rules of conduct with flatmates, household members, etc.

- Sufficient light and fresh air (open windows)

Define time slots for work and breaks

When leaving the workplace, the same routine practiced in the office should apply:

- Lock the screen

- Store/cover sensitive documents

- Close the windows and doors when leaving the workstation and, if possible, make the laptop inaccessible to others

Ensure that business conversations containing personal data or addressing sensitive topics cannot be heard by third parties

Documents with sensitive data should be collected and shredded once it is possible to return to the office, rather than being disposed of in regular bins.