Data protection: What do employers have to consider when working from home?

The coronavirus pandemic has led many companies to allow their employees to work from home. So far, the supervisory authorities have not concerned themselves with whether these companies also comply with the corresponding legal regulations. However, it can be assumed that the supervisory authorities will also look at home office arrangements in the future. We would therefore like to inform you about which legal regulations you must comply with as an employer.

I. What labour law regulations must employers observe in the case of home office?

1. Create legal bases

If you want to introduce home office in your company, you must create the necessary legal basis for this. Without an effective legal basis, the employee is neither entitled nor obliged to work from home. You can agree on a consensual regulation with the employee in the employment contract, conclude a company agreement if the relevant prerequisites are met or, at least during the current coronavirus pandemic, issue a unilateral order as the employer.

Note: In principle, an employee has no right to a home office without the employer's consent.

2. Observe occupational safety measures

As the employer's possibilities to enforce occupational health and safety measures in the home office are limited, the employer's occupational health and safety obligations in the home office are essentially limited to organisational and information obligations. You should carry out a risk assessment of the workplace in accordance with § 5 ArbSchG and observe the duties to instruct in accordance with § 12 ArbSchG. You should also inform your employees of the requirements of working time law.

II. What data protection regulations must employers observe in the case of home offices?

In principle, the same data protection regulations apply in a home office as when working in a company.

1. Ensure technical and organisational measures in the home office

We have already pointed out in our article "Technical organisational measures in the home office" that certain technical and organisational measures must be ensured in the home office so that working in the home office is permissible at all under data protection law. You must also remember that you as the employer remain the data controller under data protection law even in the home office.

Please note: As the employer, you are liable for data protection violations committed by your employee in the home office.

It must therefore be ensured that the principles of information security, in particular the confidentiality, integrity and availability of the data, are guaranteed.

2. Point out data protection risks to your employees

Pursuant to Section 26 (5) BDSG, the employer is obliged to take appropriate measures to protect the data of his or her employees. Make your employees aware of possible data protection risks in the home office. To do so, identify possible data protection risks and try to eliminate them.

You must also ensure that private and company data are not mixed. Your employees should only take documents and data into the home office that they urgently need. If possible, employees should not take confidential or secret data into the home office.

3. Make the technical equipment available to the employee

You should provide your employees with the technical means they need to work in a home office. You should ensure that the employee keeps private data and company data strictly separate. This is the only way to ensure the protection of your company data.

You should also prohibit employees from using company devices for private purposes. In this case, you are allowed to check whether the ban is being observed, and you are also allowed to evaluate random samples of the history data or the e-mail communication.

4. Regulate the home office activity with the employee

In order to fulfil your organisational obligations and to ensure that the employee complies with the data protection regulations when handling personal data, you should train the employee in data protection law and ensure compliance with the data protection regulations by establishing a binding policy. You should conclude such a policy as an addendum to the employment contract with the employee.

We will be happy to help you implement the aforementioned measures and will also be happy to prepare all the necessary documentation for you.

With kind regards

Attorney at Law Michael Ullrich, LL.M. (Information Law)

Specialist lawyer for information technology law
