Expert Advice Community

DPIA for COVID-19 Remote Work Environment

Guest user Created:   Apr 02, 2020 Last commented:   Apr 03, 2020

We are an existing customer with the GDPR DPO Certification & GDPR/ISO 27000 Toolkit. Question: Is there any documentation on how to perform a DPIA for home workers during the COVID-19 pandemic?

Expert
Alessandra Nisticò Apr 03, 2020

During this period, Data Protection Authorities (DPAs) are establishing guidelines for organizations on how to organize homework. You should check your country's DPA for specific guidelines. The European Data Protection Board released on 19th March 2020 a statement on the processing of personal data in the COVID-19 pandemic. You can download the statement here: https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_statement_2020_processingpersonaldataandcovid-19_en.pdf

Most DPAs stated that the pandemic outbreak does not derogate from normal rules on data protection, yet the emergency requires balancing and mitigating risks. So, in order to perform a Data Protection Impact Assessment, you will need to follow the usual procedure in order to estimate risks.

Some of the risks arising from homeworking relate to:
• unauthorized access (i.e. family members of the workers),
• data breaches because of accidental loss of data,
• insufficient security measures (due to the use of workers’ personal devices).

In order to mitigate risks, you can have a look at our template on teleworking and Bring Your Own Device Policy in order to establish a policy for homeworkers that suits your needs. Remember to consider DPA guidelines and additional internal rules (i.e. on workers' surveillance).

Here you can find some useful information:
• Useful links to Data Protection Authorities website: https://advisera.com/eugdpracademy/knowledgebase/useful-links/
• How to write an easy-to-use BYOD policy compliant with ISO 27001: https://advisera.com/27001academy/blog/2015/09/07/how-to-write-an-easy-to-use-byod-policy-compliant-with-iso-27001/
• Bring Your Own Device (BYOD) Policy: https://advisera.com/eugdpracademy/documentation/bring-your-own-device-byod-policy/
• Mobile Device and Teleworking Policy: https://advisera.com/eugdpracademy/documentation/mobile-device-and-teleworking-policy/
