Tarcza antykryzysowa

Home office: Personal data processing rules  

Krzysztof Grabowski, Data Protection Officer  
Tarcza antykryzysowa
The remote working model involves numerous obligations for employees and employers. The security of processing personal data at home constitutes one of the areas which require special attention.

Employers who have decided to use the home office - and according to the statistics, there is a large majority of them - should formulate guidelines and recommendations on personal data protection for their employees. We have developed a set of major rules concerning this area based on PDPO recommendations and best practices on information security.

Data security during remote work - the most important rules:

  1. Make sure your computer is properly secured. Lock it if you're moving away from it.
  2. Set up your monitor in a comfortable way so that it is not visible to other people (even family members).
  3. Use only trusted and password-protected internet networks.
  4. Always access the network using an encrypted VPN connection.
  5. Remember to send business emails only from your company mailbox.
  6. Protect your computer from destruction, such as flooding or damage.
  7. If you use private equipment to work remotely, you should:
    • secure the computer with a password,
    • download programmes from trusted sources,
    • update your operating systems and programmes on an ongoing basis,
    • provide protection in the form of an anti-virus programme.
  8. Comply with the organization's data protection and information security policies.
  9. When participating in videoconferences, webinars, expert panels remember:
    • to provide a minimum amount of personal data (use pseudonyms and business e-mail address),
    • not to share confidential data (including personal data) during public chats, video conferences,
    • to make sure you don't have open application windows containing confidential information when sharing your screen during a conversation,
    • to turn off the microphone and the camera if you are not currently active,
    • to turn off the microphone and camera and leave the meeting after the video conference.
  10. If necessary, paper documents containing confidential information (including personal data) should be processed in the following way:
    • Scan the original documents (if possible) and store them electronically on a network drive,
    • Minimize the number of documents stored at home,
    • Secure the documents you work with at home properly, so that others do not have access to them,
    • Destroy unnecessary documents.
  11. Incidents related to data leakage, unauthorized access, theft or loss of documents should be reported as soon as possible to the person / department responsible for data security.

A further step to formalise and specify the above rules can be done by introducing a remote working policy or a policy for the use of private equipment for business purposes (bring your own device policy).

Personal data protection

Contact our expert