In view of the critical moment, teleworking has become part of the daily lives of many companies and employees. As such, it is important to check the mechanisms for protecting personal data and the security of systems and organizations, using tools that allow remote working.
For this reason, it is advisable to review or apply mechanisms to safeguard the rights of holders of personal data and improper access, suggesting some measures, such as:
- Ensuring that employees are aware of the organization's information security policy, and that they apply it, as security is a fundamental principle enshrined in the GDPR - treatment of personal data in a safe manner through “appropriate technical and organizational measures”, that is, the so-called principle of integrity and confidentiality;
- The IT service must keep the registry of remote access authorizations updated and implement the necessary measures to restrict remote access to other unauthorized applications;
- The use of VPN that may be granted will always be granted in terms of intuitu personae and is limited, solely and exclusively, to the fulfilment of the subject of the contract entered into;
- VPN access must comply with the configuration parameters that are indicated, as well as the rules of confidentiality and protection of personal data that are imposed on users, and under no circumstances is it allowed to share and / or disclose such access. and respective authentication credentials (eg, user and password), under any circumstances; VPN access should also be turned off when not in use;
- The performance of users will also have to respect the provisions of the Good Cybersecurity Practices available on the website of the National Cybersecurity Centre.
GPA has followed this and other themes arising from the exceptional moment we are experiencing. Follow our publications.