Coronavirus and the home office
As a result of the latest announcements from the Danish government, many employees will continue to work remotely until Easter. Due to the extraordinary situation currently affecting the labour market to limit further spreading of the infectious disease, many new questions and challenges arise. For this reason, our newsletter will focus on some of the rules and recommendations companies must comply with when its employees are asked to temporarily work from home.
Most companies are currently facing unprecedented changes and challenges which gives rise to a series of questions, including – for many – questions relating to working from home for the first time. Following the Danish government’s latest decision to prolong the measures introduced to prevent the spread of coronavirus (COVID-19), many employees will be working from home at least until 13 April 2020.
Don’t forget the work environment
When employees are working remotely, companies must first and foremost focus on its general obligations under the Danish Working Environment Act which continue to apply. In short, the general obligations entail that companies are subject to a duty to ensure and contribute to the home office being fully adequate from both a health- and safety perspective. Should an employee have more than one employer, the companies have a duty to co-operate.
However, companies with employees who do not otherwise work remotely on a regular basis, whether on full-time or part-time basis, will not be bound by the special rules under the Working Environment Act on the practical organisation of the home office. This is due to the fact that there are no statutory requirements when the working from home arrangement is limited which most likely will be considered the case in this current temporary situation.
When complying with the Working Environment Act in connection with remote working, companies must also ensure to comply with the rules regulating computer work, the requirements on workplace health and safety risk assessments (APV), health and safety at the workplace, daily rest periods, and the weekly day off etc. More specifically with respect to the requirement on workplace health and safety risk assessments, the Danish Working Environment Authority has directly confirmed that irrespective of the current situation, companies remain subject to its obligation to draft the statutory workplace assessment. On the other hand, the Danish Working Authority has also confirmed that the current situation calls for derogations on the election procedure for new safety representatives whereafter it will be possible to postpone elections, until it will be possible to facilitate an election again, even if this means that the statutory two-year deadline is exceeded. On the question of daily rest periods and the weekly day off, the Danish Working Authority has finally clarified that companies may be allowed to derogate from the requirements if the company has specific working procedures that are extraordinarily burdened due to the coronavirus. Consequently, companies subject to significant pressure as a result of the infectious disease, may have access to maintain their activities.
The Danish Working Environment Authority has clearly acknowledged that as a main rule, the private home of the employee will not be subject to inspections except in the case of serious accidents or complaints.
Increased focus on data protection
Besides from ensuring compliance with the general requirements under the Working Environment Act, the home office may concurrently give rise to complications when appropriate technical and organizational safeguards. Companies must consequently also secure the necessary safeguards pursuant to the applicable data protection rules when employees are working from home. In this connection, companies must namely focus on ensuring:
- That the level of security corresponds to the current increased risk of cyber attacks
- That employees are informed and familiar with internal procedures on remote access
- That the technical infrastructure supports remote access, sufficient capacity, and licenses etc.
- That adequate safeguards have been established to secure the security level at home
- That ongoing system updates are introduced and implemented on a regular basis
Because most data breaches occur during business travels or while the employee is working from home, employees play an important role in ensuring compliance with applicable data protection rules. Among other things, measures which may be taken include:
- That the employee only communicates via secured communication channels
- That the employee complies with the requirements and policies in place
- That the employee secures remote access, encrypts data, and accepts system updates
- That the employee guarantees adequate organizational measures pursuant to company guidelines
Working from home, abroad
Working from home can also raise questions for companies with employees normally commuting across EU/EEA-borders in relation to, among other things, social security and potential tax consequences. However, on social security, the Danish authorities have already announced that employees commuting across borders will maintain their social security despite working from home. This would for example be the case for employees living in Sweden and working in Denmark and vice versa.
On the potential tax consequences which may be triggered by the new home office, on the other hand, the Danish tax authorities have not announced whether taxation for employees who usually commute across borders for work, and are currently working from home, will be impacted. Companies should therefore be aware of issues relating to tax for cross border commuters.
IUNO’s opinion
There is no precedent to the current situation and for this reason, companies must in co-operation with each employee secure the new temporary home office until Easter and potentially for an even longer period. Companies must, therefore, ensure ongoing communication with the view to remedy the different issues which may arise in connection with the home office.
IUNO also recommends that companies have clear guidelines in place to guarantee that personal data remains subject to adequate safeguards – also when processed from the home office. As part of its compliance obligations, companies should actively supervise compliance with the guidelines in practice. Read more about how we can assist your company with ensuring compliance under the applicable data protection rules here.
Most companies are currently facing unprecedented changes and challenges which gives rise to a series of questions, including – for many – questions relating to working from home for the first time. Following the Danish government’s latest decision to prolong the measures introduced to prevent the spread of coronavirus (COVID-19), many employees will be working from home at least until 13 April 2020.
Don’t forget the work environment
When employees are working remotely, companies must first and foremost focus on its general obligations under the Danish Working Environment Act which continue to apply. In short, the general obligations entail that companies are subject to a duty to ensure and contribute to the home office being fully adequate from both a health- and safety perspective. Should an employee have more than one employer, the companies have a duty to co-operate.
However, companies with employees who do not otherwise work remotely on a regular basis, whether on full-time or part-time basis, will not be bound by the special rules under the Working Environment Act on the practical organisation of the home office. This is due to the fact that there are no statutory requirements when the working from home arrangement is limited which most likely will be considered the case in this current temporary situation.
When complying with the Working Environment Act in connection with remote working, companies must also ensure to comply with the rules regulating computer work, the requirements on workplace health and safety risk assessments (APV), health and safety at the workplace, daily rest periods, and the weekly day off etc. More specifically with respect to the requirement on workplace health and safety risk assessments, the Danish Working Environment Authority has directly confirmed that irrespective of the current situation, companies remain subject to its obligation to draft the statutory workplace assessment. On the other hand, the Danish Working Authority has also confirmed that the current situation calls for derogations on the election procedure for new safety representatives whereafter it will be possible to postpone elections, until it will be possible to facilitate an election again, even if this means that the statutory two-year deadline is exceeded. On the question of daily rest periods and the weekly day off, the Danish Working Authority has finally clarified that companies may be allowed to derogate from the requirements if the company has specific working procedures that are extraordinarily burdened due to the coronavirus. Consequently, companies subject to significant pressure as a result of the infectious disease, may have access to maintain their activities.
The Danish Working Environment Authority has clearly acknowledged that as a main rule, the private home of the employee will not be subject to inspections except in the case of serious accidents or complaints.
Increased focus on data protection
Besides from ensuring compliance with the general requirements under the Working Environment Act, the home office may concurrently give rise to complications when appropriate technical and organizational safeguards. Companies must consequently also secure the necessary safeguards pursuant to the applicable data protection rules when employees are working from home. In this connection, companies must namely focus on ensuring:
- That the level of security corresponds to the current increased risk of cyber attacks
- That employees are informed and familiar with internal procedures on remote access
- That the technical infrastructure supports remote access, sufficient capacity, and licenses etc.
- That adequate safeguards have been established to secure the security level at home
- That ongoing system updates are introduced and implemented on a regular basis
Because most data breaches occur during business travels or while the employee is working from home, employees play an important role in ensuring compliance with applicable data protection rules. Among other things, measures which may be taken include:
- That the employee only communicates via secured communication channels
- That the employee complies with the requirements and policies in place
- That the employee secures remote access, encrypts data, and accepts system updates
- That the employee guarantees adequate organizational measures pursuant to company guidelines
Working from home, abroad
Working from home can also raise questions for companies with employees normally commuting across EU/EEA-borders in relation to, among other things, social security and potential tax consequences. However, on social security, the Danish authorities have already announced that employees commuting across borders will maintain their social security despite working from home. This would for example be the case for employees living in Sweden and working in Denmark and vice versa.
On the potential tax consequences which may be triggered by the new home office, on the other hand, the Danish tax authorities have not announced whether taxation for employees who usually commute across borders for work, and are currently working from home, will be impacted. Companies should therefore be aware of issues relating to tax for cross border commuters.
IUNO’s opinion
There is no precedent to the current situation and for this reason, companies must in co-operation with each employee secure the new temporary home office until Easter and potentially for an even longer period. Companies must, therefore, ensure ongoing communication with the view to remedy the different issues which may arise in connection with the home office.
IUNO also recommends that companies have clear guidelines in place to guarantee that personal data remains subject to adequate safeguards – also when processed from the home office. As part of its compliance obligations, companies should actively supervise compliance with the guidelines in practice. Read more about how we can assist your company with ensuring compliance under the applicable data protection rules here.