Pursuant to French Labor Code, remote work refers to any form of work organization within a company in which work that could have been performed on the employer’s premises is carried out by employees outside those premises using information and communication technologies.
Due to the COVID-19 pandemic and/or as part of their internal digitalization policy, many companies are getting organized to set up remote work for their employees.
However, the implementation of remote work tools implies compliance with applicable rules not only in terms of labor law but also in terms of data privacy.
The security of IT systems, respect for employees’ privacy and compliance to GDPR are key elements in the implementation of remote work.
The reality check
- Have the remote work tools been properly evaluated? Are they data privacy by design compliant?
- Do the agreements concluded with the relevant IT service providers include the appropriate Data Processing and/or Data Sharing Agreements?
- Are employees’ personal data transferred outside the European Union? Are safeguards relating to these transfers implemented?
- Are the technical and organizational security measures implemented sufficient?
- Have employees been informed of the terms and conditions of use of the IT resources made available to them by the employer?
Taylor Wessing can provide support
- Audit your specific situation and implement a pragmatic action plan.
- Conduct risks assessments of your tools (ie Data Privacy Impact Assessments, assessment of the data processing activities’ proportionality, etc.).
- Draft, review and negotiate agreements or amendments to existing agreements with your IT service providers (including data processing and data sharing agreements).
- Assess your data transfers outside the European Union.
- Draft and update internal documentation (ie employee’s information notices, IT charter, internal politics, Technical and Organizational Measures, etc.) and so much more.