Teleworking and GDPR: a few tips to move forward safely.

According to a 2019 study (1), 29% of French people worked from home. The share of teleworking formalized by contract also rose by 3 points between 2018 and 2019 (from 6% to 9%).

Whether it is to collaborate with our international teams or to adapt to everyone's family needs, we also encourage this practice at 10h11. However, it must be accompanied by clear measures, both technological and organizational.

GDPR: our reminders about teleworking

If you want to benefit from teleworking in your organization, you need to secure your data in order to comply with the General Data Protection Regulation (GDPR), which came into force in May 2018. The GDPR establishes measures that businesses must follow to improve the security of their data. Its objective? To protect personal information and reduce the number of security breaches, allowing businesses and individuals to better control their data.

Am I affected by the GDPR?

Whether SMEs, start-ups or large groups, all organizations, regardless of their size, have an obligation to comply with the GDPR. It applies to all companies based in the EU as well as to those processing or storing personal data of citizens of the European Union. In case of non-compliance with the GDPR, the organization may be fined up to 4% of its total annual turnover.

Personal data: what are we talking about?

The GDPR defines personal data as any information that can be used to identify a person. This includes combinations of several pieces of biographical data, as well as information about the person's place of work or even their appearance.

Teleworking must also comply with certain data security rules.

Safety first: the importance of a telework charter

Despite the growing number of businesses using remote working, more than half of employers do not yet have a formal remote work policy (2). However, it is advisable to implement a solid teleworking charter to best support employees in this change of model. When some people in the company work remotely, it is essential to ensure that they correctly understand how to collect and access data, in a completely transparent manner and in accordance with the GDPR. Here are some questions that employees may ask themselves and that should help you build this teleworking charter:

“What are my responsibilities?”

Above all, describe the responsibilities and roles of employees and include a clear description of their daily tasks. Then, if you ask your employees to respect a “classic” working day, state it clearly. However, it is recommended to adopt a new state of mind and to allow greater independence and flexibility. This will help you create an environment based more on highlighting everyone's results.

“What data do I have access to? And how?”

Your telework charter must list all the rules that clearly determine who should have access to what. It must therefore clearly indicate the responsibilities and rights of each employee regarding access to company servers. In general, no employee should have full access to data that they don't use for their daily tasks, regardless of whether they're working from home or not. You can therefore restrict certain accesses and allow your employees to access only the data they need to do their work.

“How should I manage my passwords?”

Establishing a policy dedicated to the use of sufficiently strong passwords is an extremely important part of guaranteeing the security of company data. Every access to professional files and data, emails, or the corporate network must be controlled by strong passwords. A few basic rules make it possible to comply with this requirement:

  • Use strong passwords that are memorable, non-identifiable, and unique for each service you use.
  • For better protection of your data, implement two-factor authentication (or more).
  • Update logins and passwords on a regular basis.
  • If possible, limit the number of login attempts before blocking access to the service.
The telework charter is an essential element for the company.

Some additional recommendations

Finally, here are 3 simple tips to implement to help you improve data security for your remote employees:

Set up a secure web connection

Setting up a secure network is particularly important, whether your employees are teleworking or not. You can therefore encourage the use of a virtual private network (VPN) for people working remotely. With this type of installation, you will no longer have to worry about your company data being accessed from personal computers or from devices connected to unsecured public networks. It is also possible to configure two-factor authentication to further secure your data.

Focus on secure web applications

An informed choice in terms of web services allows you to improve your security guarantees. In fact, most online services (email, cloud, CRM, etc.) have integrated security measures to offer additional protection to their users. So, when you need to choose any new service, make sure you understand what protections you have. Do not hesitate to consult professionals on this subject to better consider the various choices available to you.

Encrypt the devices made available to employees

It is advisable to set up encryption for devices assigned to remote employees. For example, it is possible to install encryption software that will work on all the data on the computer or only on certain files. Another option is to install remote wipe software, which erases all company data on the device when it is lost or stolen.

To go further

Find simple and fun solutions to strengthen your data access system

It is possible to organize training courses or workshops within your organization so that your employees can acquire a higher level of data security awareness. Even if these courses can be a quick solution to set up, they can also be expensive. It is therefore important to find other ways to make your employees aware of security issues and the GDPR. Blog posts or podcasts that deal with concrete cases can play a crucial role in drawing their attention to the subject. Gamification, another more fun solution, can also encourage your team's commitment to data security and GDPR compliance.
