According to a 2019 study (1), 29% of French people practiced remote work. The contractualization of this remote work is also up by 3 points between 2018 and 2019 (from 6% to 9%). Whether it is to collaborate with our international teams or to adapt to each family’s needs, we also encourage this practice at 10h11. However, it must be accompanied by clear measures, both technological and organizational.
GDPR : our reminders regarding telework
If you wish to benefit from remote working in your organization, it is necessary to secure your data, in order to comply with the General Data Protection Regulations (GDPR), which came into force in May 2018. The GDPR establishes measures that companies must respect to improve the security of their data. His goal ? Protect personal information and allow a reduction in the number of security breaches allowing businesses and individuals to better control their data.
The GDPR, am I concerned?
SMEs, start-ups or large groups, whatever their size, all organizations have an obligation to comply with the GDPR. The latter applies to all companies domiciled in the EU as well as those processing or storing personal data of citizens of the European Union. In the event of non-compliance with the GDPR, the organization may be fined up to 4% of its total annual turnover.
Personal data: what are we talking about?
The GDPR defines personal data as all the information that can be used to identify a person. This also includes the association of several biographical data, but also information on the workplace or even on the appearance of the person.
Safety first: the importance of a remote work charter
Despite the growing number of companies using telework, more than half of employers do not yet have a formal policy on remote working (2). It is however advisable to set up a solid remote work charter to best support employees in this change of model. Indeed, when certain people in the company are at a distance, it is essential to ensure that they correctly understand how to collect data and have access to it, in a completely transparent manner and in line with the GDPR. Below, here are some questions that employees may ask themselves and which should allow you to best build this remote work charter:
“What are my responsibilities?”
Above all, describe the responsibilities and roles of the employees and include a clear description of their daily tasks. Then, if you ask your employees to respect a “classic” working day, mention it clearly. It is nevertheless recommended to integrate a new state of mind and to allow greater independence and increased flexibility. This will help you create an environment based more on highlighting each other’s results.
“What data do I have access to? And how ?”
Your remote work charter should list all the rules that clearly determine who should have access to what. It must therefore clearly indicate the responsibilities and rights of each employee regarding access to the company’s servers. In general, no employee should have full access to data that they do not use for their daily tasks, whether they are remote working or not. It is therefore possible to moderate certain accesses and authorize your employees to access only the data they need to do their job.
“How should I manage my passwords?”
Establishing a policy dedicated to the use of sufficiently strong passwords is an extremely important axis to guarantee the security of company data. Each access to files and professional data, to emails or to the corporate network must be controlled by strong passwords. Some basic rules allow you to comply with this prerequisite:
- Use strong passwords that are rememberable, unidentifiable and unique for each service used.
- For better protection of your data, set up two-factor (or more) authentication.
- Update login credentials and passwords on a regular basis.
- If possible, limit the number of connection attempts before blocking access to the service.
Some additional recommendations
Finally, here are 3 simple tips to help you improve data security for your remote working employees:
Set up a secure web connection
The installation of a secure network is particularly important, whether your employees are telecommuting or not. So you can encourage the use of a virtual private network (VPN) for people working remotely. With this type of installation, you will no longer have to worry about accessing your company data from personal computers or connected to unsecured public networks. It is also possible to configure a two-factor identification to further secure your data.
Favor secure web applications
An informed choice in terms of web services allows you to improve your security guarantees. Most online services (messaging, cloud, CRM, etc.) have integrated security measures to offer additional protection to their users. So when you have to choose a new service, whatever it is, make sure you understand the protections you get. Do not hesitate to consult professionals on this subject to better consider the different choices available to you.
Encrypt the devices made available to employees
It is advisable to set up an encryption for the devices entrusted to remote working employees. For example, it is possible to install encryption software that will work on all data on the computer or only on certain files. Another option is to install remote cleaning software, which will erase all company data on the device when it is lost or stolen.
To go further
Find simple and fun solutions to strengthen your data access system
It is possible to organize training or workshops within your organization so that your employees can acquire a higher level of awareness of data security. While these trainings can be a quick fix, they can also be costly. It is therefore important to find other ways to educate your employees about security issues and the GDPR. Blog articles or podcasts that deal with concrete cases can play a crucial role in attracting their attention to the subject. Another more fun solution, gamification can also encourage your team’s engagement on the importance of data security and GDPR compliance.