Returning To The Workplace Checklist: Gartner For Legal & Compliance

Download as pdf or txt
Download as pdf or txt
You are on page 1of 5

Gartner for Legal & Compliance

Returning to
the Workplace
Checklist

As organizations recover from the COVID-19 pandemic, their focus


will shift to ensuring a smooth transition back to the workplace.
This checklist outlines key actions that the chief privacy officer must
take to drive an effective “return to the workplace” strategy.

© 2020 Gartner, Inc. and/or its affiliates. All rights reserved. CM_I_GBS_963735
Implications for the Chief Privacy Officer

Short-term implications Long-term implications

• Increase in privacy risk from more employees working remotely • C


 hanges in privacy risk reporting due to temporary and permanent
workforce changes
• Difficult to reinforce privacy compliance through training due
to competing messaging from other functions • Increased privacy risk from new forms of data collection and
tracking as employees and others return to workplace locations
• Increase in risks to employee privacy as functions consider
enhancing monitoring of the remote workforce (i.e., to measure • A
 need to update or create privacy training to specifically address
productivity) new or increased risks

• Increased employee privacy risks from temperature checks and • Increased regulatory uncertainty as more data protection
health screenings for nonremote employees authorities issue guidance on employee monitoring, health
tracking and other issues
• Increase in third-party privacy risks from vendors going remote
• Prepare for an increase in privacy’s workload as the organization
takes on more digital transformation and cost-cutting measures
Things to do now

Work with IT to ensure remote employees have access Advise leaders about new forms of employee monitoring,
to secure devices and collaboration tools. including temperature checks, health screenings and
location tracking (including whether these are necessary
Use an awareness email, training, intranet post, or similar or advisable in the first place).
strategy to reinforce remote work best practices with
employees. Perform a PIA or DPIA on proposed employee monitoring
changes or enhancements involving personal data.
Partner with IT or IS to reinforce phishing awareness.
Create procedures and guidance for HR, real estate, IT
and other groups involved in employee screening and
Review third-party agreements to determine where privacy
monitoring as employees return to work.
risks might have increased as vendors go remote.

Review data breach and incident response plans, DSAR


processes and PIAs/DPIAs for WFH-related updates.
Things to plan/prioritize

Update employee monitoring policies. Prepare to update the board on new or enhanced privacy risks
stemming from remote workers and employee monitoring efforts.
Create function-specific privacy training for groups involved
in monitoring, such as IT, HR and real estate. Look for other privacy implications unique to your organization.

Identify how any permanent shifts to remote work impact


your privacy risk profile.

Update annual employee privacy training to include remote


work best practices.
An Executive’s Guide to
Returning to the Workplace
Visit gtnr.it/return-to-work for overarching insights to guide
your organization as it brings employees back to the workplace
safely and effectively, at the right time, and in the right way.

© 2020 Gartner, Inc. and/or its affiliates. All rights reserved. CM_I_GBS_963735

You might also like