NJORD Estonia: How to regulate data protection when working remotely?
An employer, who decided to implement remote work in his company, turned to me. The employees may work from home for a certain amount of days per week. The employer had two questions:
- how to guarantee that the work shall be done when working remotely;
- how to ensure data protection when telecommuting?
There are several ways to solve the situation. One would be to draw up remote work rules in addition to the normal rules of work. This is the option the employer chose. I drew up the remote work rules so that they would be easy to understand and fulfil and wouldn’t leave much room for dispute.
The rules outline clearly the conditions of remote work set by the employer, including the responsibility of the employee. Responsibility is important when performing remote work, as the employer does not have a constant overview of the employee’s performance of duties and cannot check them. Thus, the employee can decide whether the requirements, set to remote work, can be met.
The rules of data (incl. personal data) and business secrets’ protection are clearly stipulated in the remote work rules, drawn up for the employer. In other words, the rules cover the following matters: where the employee may take the computer and the employer’s documents, what kind of IT-solutions can and must be used, where and how the documents must be kept and how to act when there is a risk of data leakage or a leak has occurred.
All stages of remote work should be reviewed upon remote work agreement, they must be regulated in writing and introduced to the employee.