Who is responsible for data protection in the Homeoffice
Working in the home office is a model that was used in exceptional cases in Germany in the past and was not common practice. But in times when the Corona Virus has completely changed our lives, this work model is wherever possible a good alternative to short-time work, or even having to face the situation of losing your job.
Call center employees who would normally be sitting in an open-plan office with their colleagues, for example, now simply get an account from their employer to be able to access the company server from home, and work can start from their home computer. But in contrast to the internal company network, which is well protected from the outside, this security structure at home is generally not as extensive.
So the question arises who is actually responsible for data protection in the home office. After all, sensitive customer data is always used here, which is exchanged with the internal company network from home.
Who is responsible for data protection in the Homeoffice
Working in the home office is a model that was used in exceptional cases in Germany in the past and was not common practice. But in times when the Corona Virus has completely changed our lives, this work model is wherever possible a good alternative to short-time work, or even having to face the situation of losing your job.
Call center employees who would normally be sitting in an open-plan office with their colleagues, for example, now simply get an account from their employer to be able to access the company server from home, and work can start from their home computer. But in contrast to the internal company network, which is well protected from the outside, this security structure at home is generally not as extensive.
So the question arises who is actually responsible for data protection in the home office. After all, sensitive customer data is always used here, which is exchanged with the internal company network from home.
GDPR rules also apply in the home office
That everyone has adequate current virus protection and a firewall on their home PC should be a matter of course. This is all the more true, of course, if an employee works for his company in the home office and transfers sensitive data. However, when it comes to the question of responsibility for data protection, it doesn’t matter which data is transferred.
The decision on this is already regulated in the applicable GDPR (Article 4 No. 7 GDPR). Accordingly, the person who decides on the purpose and means of data processing is responsible. And that is usually the employer with the authority to issue instructions to you as an employee. This principle also applies to freelancers who generally work for a company in the context of a service contract, provided that it is not a separate service in which data processing is not an important core component of the work.
In this case, the freelancer would be the responsible body for compliance with the GDPR. However, this basically never applies to salaried employees, which is why the responsibility remains with the company.
But even if the responsibility of data protection lies with the employer, you should make sure to secure your own PC and the network as well as possible so as not to get into the area of negligence. In the home office, too, the employee has to comply with his due diligence obligations as well as at the regular workplace.
Data carriers and documents related to the professional activity should never be kept unattended. Adequate encryption of data carriers also makes sense.
Larger companies in particular have often already established clear rules for employees in their home office, and they also equip them with the necessary security tools. This can be, for example, a company notebook that has been set up so that only certain activities that are intended for the home office can be carried out. This would also eliminate the vulnerability of an employee’s home PC.
The use of a VPN (Virtual Private Network), via which data can be transmitted in encrypted form, can also be very useful.
GDPR rules also apply in the home office
That everyone has adequate current virus protection and a firewall on their home PC should be a matter of course. This is all the more true, of course, if an employee works for his company in the home office and transfers sensitive data. However, when it comes to the question of responsibility for data protection, it doesn’t matter which data is transferred.
The decision on this is already regulated in the applicable GDPR (Article 4 No. 7 GDPR). Accordingly, the person who decides on the purpose and means of data processing is responsible. And that is usually the employer with the authority to issue instructions to you as an employee. This principle also applies to freelancers who generally work for a company in the context of a service contract, provided that it is not a separate service in which data processing is not an important core component of the work.
In this case, the freelancer would be the responsible body for compliance with the GDPR. However, this basically never applies to salaried employees, which is why the responsibility remains with the company.
But even if the responsibility of data protection lies with the employer, you should make sure to secure your own PC and the network as well as possible so as not to get into the area of negligence. In the home office, too, the employee has to comply with his due diligence obligations as well as at the regular workplace.
Data carriers and documents related to the professional activity should never be kept unattended. Adequate encryption of data carriers also makes sense.
Larger companies in particular have often already established clear rules for employees in their home office, and they also equip them with the necessary security tools. This can be, for example, a company notebook that has been set up so that only certain activities that are intended for the home office can be carried out. This would also eliminate the vulnerability of an employee’s home PC.
The use of a VPN (Virtual Private Network), via which data can be transmitted in encrypted form, can also be very useful.
Who pays for data loss in the home office?
If data is lost, or even worse gets into the wrong hands, this can cause great damage, which is why the question of liability quickly arises. In principle, liability is derived from the provisions of the GDPR, according to which the body responsible for data processing must be consulted. And as already mentioned, this is the employer.
So if a fine is imposed by a supervisory authority, this goes directly to the company, but not to the employee who cannot be held liable towards the responsible body (employer).
Here too, caution is required for negligence or intent. Because even if, from your point of view as an employee, it was not a deliberate act, this can be interpreted for you in the event of gross negligence.
In such a case, you would be fully liable for damage. However, the extent of liability on the part of the employee in the home office is also balanced between slight, medium and gross negligence.
Working in the home office can be a win-win situation for companies and employees even after the Corona crisis, provided that there are clear rules about the work processes and the general conditions. If your employer has not yet made any arrangements with you in this regard, you should write down these important points in the home office before starting.
Who pays for data loss in the home office?
If data is lost, or even worse gets into the wrong hands, this can cause great damage, which is why the question of liability quickly arises. In principle, liability is derived from the provisions of the GDPR, according to which the body responsible for data processing must be consulted. And as already mentioned, this is the employer.
So if a fine is imposed by a supervisory authority, this goes directly to the company, but not to the employee who cannot be held liable towards the responsible body (employer).
Here too, caution is required for negligence or intent. Because even if, from your point of view as an employee, it was not a deliberate act, this can be interpreted for you in the event of gross negligence.
In such a case, you would be fully liable for damage. However, the extent of liability on the part of the employee in the home office is also balanced between slight, medium and gross negligence.
Working in the home office can be a win-win situation for companies and employees even after the Corona crisis, provided that there are clear rules about the work processes and the general conditions. If your employer has not yet made any arrangements with you in this regard, you should write down these important points in the home office before starting.
Popular Posts:
Warum dein Excel-Kurs Zeitverschwendung ist – was du wirklich lernen solltest!
Hand aufs Herz: Wann hast du zuletzt eine komplexe Excel-Formel ohne Googeln getippt? Eben. KI schreibt heute den Code für dich. Erfahre, warum klassische Excel-Trainings veraltet sind und welche 3 modernen Skills deinen Marktwert im Büro jetzt massiv steigern.
Cybersicherheit: Die 3 größten Fehler, die 90% aller Mitarbeiter machen
Hacker brauchen keine Codes, sie brauchen nur einen unaufmerksamen Mitarbeiter. Von Passwort-Recycling bis zum gefährlichen Klick: Wir zeigen die drei häufigsten Fehler im Büroalltag und geben praktische Tipps, wie Sie zur menschlichen Firewall werden.
So sieht das wirklich perfekte Homeoffice-Setup für 2026 aus
Ihr Homeoffice ist veraltet? Steigern Sie 2026 Produktivität & Gesundheit. Unser Guide zeigt das perfekte Setup: von ergonomischen Stühlen und 4K-Webcams bis zu Mesh-WLAN und Kabelmanagement. So investieren Sie in Ihre Karriere.
Internet, Telefon & TV: Die besten Komplettpakete
Internet, TV & Telefon aus einer Hand? Wir vergleichen die Komplettpakete von Telekom, Vodafone, O2 & 1&1. Wer punktet bei Speed, TV-Komfort (MagentaTV vs. GigaTV) und Preis? So finden Sie das beste Triple-Play-Angebot für Ihre Adresse.
5 Anzeichen, dass dein Chef dich im Homeoffice digital überwacht
Nur weil du im Homeoffice bist, heißt das nicht, dass dir niemand zusieht. "Bossware" ist auf dem Vormarsch. Wir zeigen 5 subtile Anzeichen für digitale Überwachung – von "Teams-Status"-Kult bis zu verdächtigen IT-Tools. So erkennst du die Warnsignale und schützt deine Karriere.
Schluss mit dem Tool-Chaos: 5 Apps, die Euer Office wirklich produktiver machen
Schluss mit digitaler Reibung: Diese 5 Apps machen Ihr Büro wirklich produktiver. Entdecken Sie, wie Asana, Loom, Notion, Zapier und Slack die Effizienz steigern, Meetings reduzieren und Ihr Team smarter vernetzen – wenn man sie richtig einsetzt.
Offers 2024: Word & Excel Templates
Popular Posts:
Warum dein Excel-Kurs Zeitverschwendung ist – was du wirklich lernen solltest!
Hand aufs Herz: Wann hast du zuletzt eine komplexe Excel-Formel ohne Googeln getippt? Eben. KI schreibt heute den Code für dich. Erfahre, warum klassische Excel-Trainings veraltet sind und welche 3 modernen Skills deinen Marktwert im Büro jetzt massiv steigern.
Cybersicherheit: Die 3 größten Fehler, die 90% aller Mitarbeiter machen
Hacker brauchen keine Codes, sie brauchen nur einen unaufmerksamen Mitarbeiter. Von Passwort-Recycling bis zum gefährlichen Klick: Wir zeigen die drei häufigsten Fehler im Büroalltag und geben praktische Tipps, wie Sie zur menschlichen Firewall werden.
So sieht das wirklich perfekte Homeoffice-Setup für 2026 aus
Ihr Homeoffice ist veraltet? Steigern Sie 2026 Produktivität & Gesundheit. Unser Guide zeigt das perfekte Setup: von ergonomischen Stühlen und 4K-Webcams bis zu Mesh-WLAN und Kabelmanagement. So investieren Sie in Ihre Karriere.
Internet, Telefon & TV: Die besten Komplettpakete
Internet, TV & Telefon aus einer Hand? Wir vergleichen die Komplettpakete von Telekom, Vodafone, O2 & 1&1. Wer punktet bei Speed, TV-Komfort (MagentaTV vs. GigaTV) und Preis? So finden Sie das beste Triple-Play-Angebot für Ihre Adresse.
5 Anzeichen, dass dein Chef dich im Homeoffice digital überwacht
Nur weil du im Homeoffice bist, heißt das nicht, dass dir niemand zusieht. "Bossware" ist auf dem Vormarsch. Wir zeigen 5 subtile Anzeichen für digitale Überwachung – von "Teams-Status"-Kult bis zu verdächtigen IT-Tools. So erkennst du die Warnsignale und schützt deine Karriere.
Schluss mit dem Tool-Chaos: 5 Apps, die Euer Office wirklich produktiver machen
Schluss mit digitaler Reibung: Diese 5 Apps machen Ihr Büro wirklich produktiver. Entdecken Sie, wie Asana, Loom, Notion, Zapier und Slack die Effizienz steigern, Meetings reduzieren und Ihr Team smarter vernetzen – wenn man sie richtig einsetzt.
Offers 2024: Word & Excel Templates
