Personal data protection while working remotely – good practices

Personal data protection while working remotely – good practice

By dr inż. Grażyna Wójcik GDPR in practice

 

Devices

♦ Devices and software are provided by an employer to work remotely to perform official duties. Therefore, a company’s safety procedure must be followed

♦ Additional applications and software that do not comply with a corporate security procedure should not be installed.

♦ It is vital to ensure all the used devices have necessary updates of an operating system (IOS or Android), software and anti-virus system.

♦ It is necessary before beginning of work to set aside a suitable space so that possible bystanders do not have access to the documents worked on.

♦ A device worked on should always be locked when a person leaves a workplace.

♦ Secure your computer by using strong passwords, multi-factor authentication. This will limit access to a device, and thus reduce the risk of data loss in case of theft or loss of a device.

♦ Special measures should be taken to ensure that devices used for work, especially those used for transferring data, such as external drives, are not lost.

♦ If a device is lost or stolen, immediate appropriate action should be taken to remotely clear its memory, if possible.

 

 Electronic mail (e-mail)

♦Follow existing corporate rules regarding the use of corporate e-mail

♦ Primarily use corporate email accounts.

♦ If there is a need to use private e-mail working on personal data processing, content and attachments should be properly encrypted. Any personal information or confidential information in the subject of the message should be avoided.

♦ Before sending any email, one should make sure sending it to a right recipient, especially if the email contains personal or sensitive information

♦ A sender of an e-mail should be double-checked. Messages from unknown addressees mustn’t be opened; especially attachments and link in such a message mustn’t be clicked. It may be a phishing attack.

♦ Encrypted information mustn’t be emailed along with password. Not even in a separate message. Whoever has access to an e-mail will easily decrypt a message.

 

Access to the network and cloud

♦ A trusted network or cloud only should be used, and all corporate organizational rules and procedures for logging in and sharing data should be followed.

♦ If  a cloud is not used or there is no access to network, stored data must be safely archived.