Employers must take data protection rules into account in monitoring employees working from home

With a sizeable proportion of the workforce working from home in line with Government advice, employers have been faced with the question of how to manage and supervise potentially large numbers of employees working remotely.

While managers may be able to trust the majority of those working from home to get on with the job away from the office, inevitably there is a risk that some employees could use the situation to do other things during working hours.

This risk has led some employers to implement a range of monitoring tools of various levels of intrusiveness, including mouse and keystroke monitoring.

However, employers must make sure that any monitoring is compliant with the General Data Protection Regulation (GDPR), which limits how organisations can use the personal data of their employees.

Where employers are using monitoring tools, the requirements of the GDPR mean that they should be clear about the lawful basis on which these tools are being used, and inform staff, providing an updated privacy policy.

The basis for monitoring is likely to be ‘legitimate interests’ and this must be explicitly balanced against employees’ individual rights and freedoms. The monitoring must also meet the tests of being proportionate and necessary.

Breaching the requirements of the GDPR can lead to very substantial penalties of €20 million or four per cent of global turnover, whichever is greater. This means that it is important to seek legal advice if you have any concerns as to whether employee monitoring is lawful.

Link: Is employee monitoring technology compatible with GDPR?