
How to make work from home compliant with the GDPR

Presenter: Tudor Galos


Due to the rapid spread of COVID-19 infections, most companies had to send their employees to work from home. Because this was done in a very short timeframe, most companies are now facing security, privacy, and compliance issues.
©2020 EUGDPRAcademy advisera.com/eugdpracademy 2
Agenda

• Privacy risks when working from home
• Monitoring employees’ remote work
• Protecting the company’s digital assets in work-from-home scenarios
• Making employees and contractors accountable for their remote work
• Protecting employees from data breaches



Privacy risks when working from home

• Personal data theft
• Personal data loss/destruction
• Unauthorized exposure of personal data
• Lack of efficient control mechanisms
• Personal data accessed from unsecured hardware
• Ignoring procedures and policies



Monitoring Remote Employees

• Monitoring is a technical/organizational measure to reduce privacy risks.
• The controller has a legitimate interest (Art. 6(1)(f) GDPR) in protecting its digital assets and its employees.
• Monitoring software and policies need to be proportional to the risks: collect no more than the stated purpose requires, and keep it no longer than needed.
• A DPIA (Art. 35) might be necessary, depending on the level of monitoring.
• Employees need to be informed beforehand, and they have the right to object (Art. 21) to processing based on legitimate interest; the controller may continue only if it can demonstrate compelling legitimate grounds that override the employees’ interests.
Protecting digital assets

[Figure: chart from Carbon Black on the rise in ransomware attacks during COVID-19 (a 148% spike, with the finance industry heavily targeted). Source: https://www.carbonblack.com/2020/04/15/amid-covid-19-global-orgs-see-a-148-spike-in-ransomware-attacks-finance-industry-heavily-targeted/]


Protecting digital assets

• In WFH scenarios, companies need to take extra organizational and technical measures (Art. 32 GDPR) to remain GDPR compliant.
• Personal data theft: training, email policy, email filtering, advanced threat protection (ATP) solutions, endpoint protection.
• Personal data loss/destruction: endpoint protection, ATP solutions, pushing the latest updates, automatic backup software and policies (with restores tested regularly, since an untested backup is not a control).
Protecting digital assets

• Unauthorized exposure: training, policies, privacy screens.
• Control mechanisms: policies, procedures, DPIA, notifications.
• Devices used to access data: BYOD policy, IT security policy, VPN, terminal services (so that personal data stays on company-controlled servers rather than on the home device).
• Procedures and policies: training, regular testing, monitoring compliance, clear escalation paths.
Accountability

• Each employee, whether working from home or not, is accountable for GDPR compliance.
• Employees processing personal data need to be trained regularly on how to process personal data in a compliant manner.
• Each employee is accountable for protecting the assets on which personal data is processed.



Accountability

• Each employee must adhere to the organization’s Personal Data Processing Policy.
• The organization should implement monitoring measures that protect its digital assets without infringing on the GDPR.
• There should be clear escalation paths in case issues arise.
• The organization should hold monthly online compliance meetings to review any issues, new personal data processing operations, the Record of Processing Activities (ROPA, Art. 30), …
Avoiding Data Breaches

• When working from home, employees are more exposed to attacks coming from the internet: phishing, scams, ransomware, spyware, viruses, social engineering.
• Best weapon against data breaches: EDUCATION!
  • Regular training organized by the CISO/DPO.
  • Articles from ENISA, CISA, WHO.
  • Internal newsletter on work-from-home best practices.



Avoiding Data Breaches

• PREVENTION: constant updates, advanced threat protection, use of terminal services, monitoring of data flows, IT security policy, BYOD policy, procedures.
• Business Continuity Plan.
• In case of a data breach, there should be a Data Breach Response Plan with clear roles and responsibilities.
• Notify the supervisory authority within 72 hours of becoming aware of the breach (Art. 33), unless the breach is unlikely to result in a risk to individuals; if it is likely to result in a high risk, also inform the affected data subjects without undue delay (Art. 34). Document every breach, including those not notified (Art. 33(5)).



Main challenges

• Screening new employees and determining household risks.
• Can a company force its workers to return to the office?
• What steps can companies take to make sure locally saved files are deleted after use?
• How should a company handle attachments sent to personal email addresses?
• Are employees working from home liable for a data breach?
Take-homes

Work from home is the new norm, and many companies will allow or even mandate employees to work from home or remote locations.

You should review the risks related to work-from-home scenarios, address each risk with appropriate technical and organizational measures, and ALWAYS stay up to date with the latest digital threats.
Q&A

Tudor Galos
Thank you!
advisera.com/eugdpracademy/webinars
