Hiring through Remote doesn’t change your position for GDPR compliance. We are of the view that despite the employees' access to personal data while at work for a client, Remote should not be considered a recipient of such data or a party "processing" it in any way. The Remote employee should be treated as a "person authorised to process personal data" (by our client) as part of the client's organisation, in line with ss 78 and 88 of EDPB Guidelines on controller and processor. There is no requirement to enter any additional data protection documentation.
We understand this position may be somewhat controversial for some clients, since what we do is relatively new and there is no regulatory guidance that is 100% specific on this point. We have therefore asked a reputable law firm to provide a memo of advice, specifically on this point. The memo is available upon request to email@example.com.
Article is closed for comments.