Remote Work and Data Protection: How do Organisations Secure Personal Data Protection Compliance from Home?


  • Sofia Ribeiro University of Porto, Faculty of Engineering, INESC TEC (PORTUGAL)



data protection, GDPR, information security, remote work, digital transformation


In the Information Society, business processes tend to become increasingly digital and operate in the virtual world. With the recent pandemic, this transformation has become almost mandatory. With their workers performing their duties remotely, organisations feel the need to digitally adapt their processes. Among several aspects of concern in these transmutations, one stands out: data protection. How can data protection be controlled remotely? Workers take to their homes their work equipment, their documents and their information with them - full of personal data. With the entry into force of the GDPR, organisations have a duty to register the treatment of information containing personal data. This requires that information circuits be controlled, i.e., a mapping of business processes and the information contained and transmitted in them. A case study was carried out with focus on the activities of the Data Protection Group of a private Portuguese research and development company in order to discover how an organisation, where the main asset is information, controls and monitors data protection compliance.


Babbs, A. (2020). How to leverage data security in a post-Covid world. Computer Fraud & Security, 2020(10), 8–11.

Borkovich, D. J., & Skovira, R. J. (2020). Working From Home: Cybersecurity in the Age of Covid-19. Issues in Information Systems, 21(4), 234–246. Retrieved from

Comissão Nacional de Proteção de Dados. (2020). Orientações sobre o controlo à distância em regime de teletrabalho.

European Parliament, & Council of the European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), Official Journal of the European Union. Retrieved from:

INESC TEC. (2020). INESC TEC - Institution. Retrieved May 14, 2020, from

Koehler, T., Cervini, P., & Vetter, J. (2020). The abrupt shift to remote working has amplified cyber security problems. Retrieved from amplified.pdf

Lueck, M. (2020). GDPR in the new remote-working normal. Computer Fraud & Security, 8, 14– 16.

Malecki, F. (2020). Overcoming the security risks of remote working. Computer Fraud & Security, 7, 10–12.

Nagel, L. (2020). The influence of the COVID-19 pandemic on the digital transformation of work. International Journal of Sociology and Social Policy, (ahead-of-print).

Peltier, T. R. (2014). Information Security Fundamentals (Second Edi). CRC Press. Retrieved from

Pham, M. (2020). COVID-19 and the Future of Work Security: Is Remote Work Really Secure? Retrieved from

Ridder, H. G. (2017). The theory contribution of case study research designs. Business Research, 10(2), 281–305.

Schallmo, D. R. A., & Williams, C. A. (2018). History of Digital Transformation. In Digital Transformation Now! Guiding the Successful Digitalization of Your Business Model (pp. 3–8). Cham, Switzerland: Springer Nature.

Škiljić, A. (2020). Cybersecurity and remote working: Croatia’s (non-)response to increased cyber threats. International Cybersecurity Law Review, 1(1–2), 51–61. 020-00014-3

Tessian. (2020). The State of Data Loss Prevention: Why DLP Has Failed and What the Future Looks Like. Retrieved from loss-prevention-2020/

Vial, G. (2019). Understanding digital transformation: A review and a research agenda. Journal of Strategic Information Systems, 28(2), 118–144.

Wiley, A., McCormac, A., & Calic, D. (2020). More than the individual: Examining the relationship between culture and Information Security Awareness. Computers & Security, 88, 101640.

Yin, R. K. (2018). Case study research and applications: Design and methods (6th ed.). Los Angeles: SAGE.




How to Cite

Ribeiro, S. (2023). Remote Work and Data Protection: How do Organisations Secure Personal Data Protection Compliance from Home?. Bobcatsss, 246–255.