Personal data protection is a key consideration when selecting a global EOR provider
When it comes to collecting and storing some of the most important personal information about your company and hires--including salary figures, addresses, bank information, and government-issued IDs--you can never be too careful.
As the employer of record (EOR), Remote handles this responsibility using the most secure technology and practices available. You can rest assured that your data is safe.
What can Remote Data Protection Guard do for you?
Remote takes ownership and responsibility for keeping your hires' personal information secure and using it solely in accordance with the law. You can rest assured that we're up to date on the latest data protection laws and technologies.
Leadership and oversight
Remote's compliance efforts are overseen by a data protection team that actively manages compliance, reports key issues to the board, and meets regularly with 'privacy champions' in each department, from engineering to marketing.
Policies and procedures
Remote operates a robust policy framework aligned with industry best practices, endorsed and supported by the board, and put into action by each member of staff. Our framework aims to embed data protection into every aspect of our organisation and emphasises the need to consider privacy every time a new product or service is built or changed.
Training and awareness
Every single member of our staff is trained and tested on data protection law and our specific privacy and security policies during onboarding and at regular intervals thereafter. Remote also provides additional department-specific training as needed. Our privacy champions raise awareness of best practices on a weekly basis.
Individual's rights
Remote is committed to fulfilling data subject rights requests in accordance with the EU General Data Protection Regulation, no matter whether such requests come from EU or non-EU residents. Our infrastructure was built to enable us to quickly and effectively scan our systems in order to action, track and log data subject rights requests.
Transparency
We say what we do and then we do what we say. Every processing activity. is outlined on our global website privacy policy as supplemented by various just-in-time privacy notices applicable to specific services or jurisdictions.
Records of processing and lawful bases
Every single personal data processing activity, together with the lawful basis we rely on to do it, is documented in our comprehensive records of processing. The data protection team reviews these regularly together with the privacy champions in every department.
Contracts and data sharing
Every single personal data exchange between Remote and our clients, partners, and suppliers is subject to a binding legal data-sharing arrangement. Before any supplier is granted access to personal data, it goes through our robust vendor due diligence process. In addition, we conduct transfer impact assessments when sending information internationally and, where necessary, we or our partners implement supplementary measures to safeguard such transfers.
Risk assessments
Remote operates a number of risk registers (e.g. legal, business continuity, information security) that help us identify, record, and manage risks to personal data. All of our high-risk processing activities are subject to data protection impact assessments that are reviewed and improved on a regular basis.
Record management and information security
Remote is audited annually for SOC 2 compliance and our key systems are annually pen-tested.
Breach response and monitoring
Although our processes focus on breach prevention, we have processes in place to assess, manage and contain a data breach. Remote operates an in-house built breach reporting process available to every member of staff. Any incident that occurs is logged and made subject to a thorough breach assessment process, reviewed by our data protection, incident management, and information security teams.