An amendment to the Labour Code on remote work makes it mandatory for every employer to define procedures for protecting personal data for the needs of remote work. Employees should acknowledge that they have familiarized themselves with these procedures. The statement, like other documentation on remote work, will be kept in the personnel file. In addition, if needed, employees should be instructed and trained.

When preparing the procedures or adapting the existing ones, employers should remember that it is necessary to describe both the rules for processing the personal data of clients, business partners or employees during remote work, but also the rules for protecting the personal data of employees performing remote work.

In particular, the procedures should include rules on the organization of the workplace. It should be specified whether we allow work to be performed from public places (cafes, means of transportation), and if so, under what conditions and with what safeguards. When allowing work to be performed from such places, employees should be equipped with, for example, privacy filters.

In addition, it is necessary to establish rules for holding remote conversations and meetings. This is required to protect the privacy of others attending these meetings and to protect the information provided, which may constitute both legally protected personal data and trade secrets.

The procedures should also specify rules regarding, among other things:

• securing company equipment after work;
• private” use of company equipment and possible sharing it with others (e.g. household members);
• using private/public network lines;
• using electronic mail;
• using paper documents.

Find more in the PRO HR February 2023.