A number of companies still have not implemented proper procedures and have not secured the equipment used for remote work. Moreover, the employees have not been adequately trained in data protection while working remotely.
According to the GDPR regulations, a personal data breach is not only disclosure or access to the personal data, but also the unauthorised or accidental alteration, destruction or loss of access to the data protected. The entity responsible for a personal data breach is the data controller – the employer who entrusts the processing of data to employees. For this reason, it is in the interest of the employer to at least adequately train the employees, as well as to take other measures to ensure the best possible protection of personal data – emphasizes Magdalena Wilkoszewska, attorney at law and Director of the Labour Law Department at TGC Corporate Lawyers, in the article in Rzeczpospolita.
The article is available in Polish only.