Members of leading international employment law alliance Innangard address the new challenges employers are faced with, now that teleworking is becoming a new post-pandemic normal. This is a transcript summary of part of the podcast published in March 2022. Listen to the podcast in full here.
The panel was hosted by Mathilde Houet-Weil from Weil & Associés in France and features contributions from Paul Cahill from CC Solicitors in Ireland, Juan José Hita Fernandez from Augusta Abogados in Spain, Carl Fredrik Hedenström from Morris Law in Sweden, and Dr. Ulf Goeke from Seitz in Germany.
How can employers make sure that they fulfill their duty of care in case of teleworking?
Juan Jose (Spain) The Spanish law is clear on remote work regulations when it comes to health and safety. The employer is obliged to carry out risk assessments and ensure the safety of the work environment. The employer should identify and implement specific measures to avoid psychological diseases that may arise as a consequence of remote work. There are guidelines to ensure employees working remotely have regular contact with colleagues, that place for work is suitable with sufficient ventilation and there is reasonable work-life balance. In the case of work accidents, this must be covered by the insurance company especially when there is a mix of home and office working. Finally, there is the right to disconnect, meaning that the employee has the right to disconnect digitally, and the employer should implement protocols to enable this.
Carl (Sweden) Unfortunately there's no legislation with regards to the right to disconnect and that, of course, can be a problem if you work from home. I have a feeling that this would be something that would be discussed in the collective agreements when they are negotiated as we go along if more people work from home because this has not been an issue before. Swedish perspective the same obligation applies for the employer regardless of if the employee works in the office or at home, so you have to make sure that both physical and psychological work environment is compliant with the Work Environment Act. The employer doesn«t have a right to inspect the home of the employee as such, but you should at least make sure and provide the equipment to make it possible for the employee to have a safe home office. My answer is always you to look at the Work Environment Act and the same responsibilities that you have in the office will also apply if the employee works from home.
Paul (Ireland) As of last year we have a right to disconnect in Ireland that forms part of the government's National Remote Working Strategy. They introduced a code of practice on the right to disconnect so it's not legislation, but it can be introduced in evidence and before the Workplace Relations Commission if someone was bringing a claim, for example, under the Organisation of Working Time Act. The code is very practical, it provides tips on how employers can implement measures to provide the right disconnect to their employees. It provides policy templates for employers that they can use if they want to introduce the right disconnect policy as well and then it assists employers ensuring compliance with the organisation of working time act and health and safety act in relation to remote working.
Ulf (Germany) With regards to workplace safety in Germany the same rules apply as if you were working in the office or in the plant so that can be a problem. Now that many people are working from home, it is unchartered waters because the right to inspection would mean that employers would have to be able to inspect the workplace to see whether it is healthy. This conflicts with the right to your residence which is protected. There's a way around that in Germany that you tried not to call it »work from home« but »mobile work« and then that is less regulated. In this way, people can use their device from wherever they are. We have no formal right to disconnect. The general position is that outside of your regular working hours you are not obliged to work or to answer to any phone calls or emails but of course, what we see with remote work is that the working time is scattered all over the day.
How can GDPR compliance be achieved and data security risks be addressed?
Juan Jose (Spain) Spanish regulations related to data protection give some guidance and in general terms is similar to other EU countries. In terms of data management while being working remotely there is guidance, for example in relation to the communication channels that could be used by workers and the company on their colleagues using virtual private networks. There is also specific recommendations with regards to passwords which must be regularly updated to avoid non-authorised access, a general recommendation that when you are working remotely you use corporate Wi-Fi Connexions, and that employees don't use private devices but company tools.
Carl (Sweden) I think it's very similar to Spain and there are recommendations issued by our authority for societal protection and crisis management when it comes to home working and data protection. It mainly says that you should avoid using private non-coded Wi-Fi networks and you should provide employees with safe VPN tunnels and work with your documents and personal information that you might handle while working at home. I think it's very important that the employer has very clear guidelines as to what sort of personal data you are allowed to handle, and how to handle it, if you work from home and look at those guidelines that are provided by Swedish authorities when it comes to GDPR compliance when it comes to home working. It is important to take safety measures to make sure that you comply because naturally the GDPR is applicable to homework so if you breach those regulations, it can become quite expensive for the employer.
Ulf (Germany) Very similar situation in Germany. I'd say common sense and rules apply with regards to GDPR and data protection whilst remote working. Measures already mentioned such as hardware connexion, avoiding private devices, and so on. Ideally have a company remote working guidelines specifically related to all those risks and makes clear that there risk not only related to digital data but also hard copies and paperwork that you may take home or print out home and the way that this transported and stored and deleted. I think even if you do all this you still have to be aware that this is another level of risk you are facing and that you must deal with to avoid huge fines and reputational damage.
Paul (Ireland) Considerations are the same in Ireland as they are in other jurisdictions in terms of compliance with GDPR. Obviously, the risks are different at home and so we would recommend us employees revise their policies to ensure that remote working circumstances are covered and addressed either in the remote working policy or in the data protection policy. The risk areas such as devices, email security, cloud and network access, whether or not employees are allowed to take hard copy files home. Other considerations such as video conferencing to ensure is conducted securely with password-protected access and so forth.
Listen to this and other podcasts on our Innangard channel.
Continue reading Part 3. Read Part 1.