Personal data protection while working remotely – good practices
By dr inż. Grażyna Wójcik GDPR in practice
Devices
♦ Devices and software for remote work are provided by the employer for performing official duties. Therefore, the company's security procedure must be followed.
♦ Additional applications and software that do not comply with the corporate security procedure should not be installed.
♦ It is vital to ensure that all devices in use have the necessary updates for the operating system (iOS or Android), software and anti-virus system.
♦ Before beginning work, set aside a suitable space so that bystanders do not have access to the documents being worked on.
♦ The device being used should always be locked when its user leaves the workplace.
♦ Secure your computer by using strong passwords and multi-factor authentication. This will limit access to the device, and thus reduce the risk of data loss if the device is stolen or lost.
♦ Special measures should be taken to ensure that devices used for work, especially those used for transferring data, such as external drives, are not lost.
♦ If a device is lost or stolen, appropriate action should be taken immediately to remotely wipe its memory, if possible.
Electronic mail (e-mail)
♦ Follow existing corporate rules regarding the use of corporate e-mail.
♦ Primarily use corporate email accounts.
♦ If private e-mail must be used when processing personal data, the content and attachments should be properly encrypted. Personal or confidential information should be avoided in the subject line of the message.
♦ Before sending any e-mail, make sure it is going to the right recipient, especially if the e-mail contains personal or sensitive information.
♦ The sender of an e-mail should be double-checked. Messages from unknown senders must not be opened; in particular, attachments and links in such messages must not be clicked. It may be a phishing attack.
♦ Encrypted information must not be e-mailed along with its password, not even in a separate message. Whoever has access to the e-mail will easily decrypt the message.
Access to the network and cloud
♦ Only a trusted network or cloud should be used, and all corporate organizational rules and procedures for logging in and sharing data should be followed.
♦ If a cloud is not used or there is no access to the network, stored data must be safely archived.