Remote work and protection of data: recommendations for companies


Working remotely has led to a large exposure of data on the internet. To protect this data properly, various data protection agencies have released recommendations so that companies can adapt and protect their information.

1. Define an information protection policy for mobility situations

When working in a space designated by the company, such as an office, the level of control over information is high. When working remotely, however, this control disappears. It is necessary to define a policy that sets out how information is to be handled and the risks of poor information management.

By way of example, this policy should include the types of access permitted while working remotely, the devices from which access is permitted, and the level of access. It should also include the responsibilities and obligations of the employees and information about the consequences of not following the guidelines, both for the company and the employees.

Ideally, the company and the worker sign a remote work agreement that includes provisions for proper data protection.

2. Choose solutions and service providers that are trustworthy and have guarantees

It is important to avoid using applications and solutions that do not offer guarantees and that could result in data exposure. The third-party companies with which data is shared are in charge of processing that data and therefore will be obligated to comply with current legislation in this area.

3. Restrict access to information

To guarantee proper access to information, you must consider which people have access to what information. Limiting access is also a form of data protection, which can have several levels within the organization.

4. Periodically configure the equipment and devices used in mobility situations

The equipment and resources used in these cases must be protected and kept up to date, and services that are not necessary must be disabled.

If the work equipment belongs to the employee, the company must set minimum requirements that the equipment has to meet before the worker can use it for remote connections, and must limit information access.

5. Monitor access to the corporate network from the outside

To detect possible security breaches or fraudulent use of information, it is recommended that all activity performed from an external access point be recorded.

6. Arrange rational data protection and security management

All data protection measures should be based on a risk analysis that assesses the proportionality between the benefits to be gained from remote access and the potential impact of compromised access to personal information.

More information at the Spanish Agency of Data Protection.