How Remote protects sensitive employee and employer data

Personal data protection is a key consideration when selecting a global employer of record (EOR). Because an EOR acts on behalf of companies and their hires around the world, these partners have to collect and store extremely sensitive personal information. These types of data may include salary figures, addresses, bank information, and government-issued IDs, to name just a few.

Imagine that information getting into the wrong hands! In addition to regulatory fines and penalties, a data breach could severely damage your company’s credibility and trust with the market and your employees.

Fortunately, Remote has powerful information security practices in place, so you can rest easy knowing your data — and the data of your employees — is safe and secure. We also offer two-factor authentication (2FA) and single sign-on (SSO) for all users with a Remote platform login, providing an additional layer of security.

Two-factor authentication (2FA) on Remote

Because many Remote users worldwide gain access to our platform using personal login credentials, it’s crucial that we keep the process as secure as possible. That’s why we recommend those users enable two-factor authentication (2FA).

Two-factor authentication greatly decreases the chance of a hacker gaining access to your Remote account and the data stored within. That’s because 2FA requires users to provide a time-sensitive code, which is sent to their mobile device each time they log in. This is done via an authenticator app like Google Authenticator or Duo Mobile.

Already a Remote user? Learn more about how to enable two-factor authentication in our help center.

Enabling single sign-on (SSO)

In an effort to strengthen both platform security and experience, we are pleased to announce single sign-on (SSO) with SAML.

SSO allows Remote users to authenticate and access the platform using their company credentials (e.g. email and password). Admins will need to set up SAML SSO for their company in the platform under “Company settings”.

Already a Remote user? Learn more about how to enable single sign-on in our help center.

What is Remote Data Protection Guard?

Remote takes ownership and responsibility for keeping company and personal information secure and compliant with all employment laws, no matter where you hire. You can rest assured that we're up to date on the latest data protection laws and technologies so you don’t have to be.

How Remote Data Protection Guard goes above and beyond

We created Remote Data Protection Guard to protect your data internationally. Here’s how it works.

Leadership and oversight

Remote’s data security efforts are overseen by a data protection team that actively manages compliance, reports key issues to the board, and meets regularly with privacy champions in each department from engineering to marketing. With dedicated experts actively safeguarding your data, we can identify problems before they arise.

Policies and procedures

Remote operates a robust policy framework above and beyond international data security standards, endorsed and supported by our board and put into action by each member of our data security team. Our framework embeds data protection into every aspect of our organization and emphasizes privacy every time a new product or service is built or changed.

Training and awareness

Every single member of our staff is trained and tested on data protection law and on our specific security policies during onboarding and at regular intervals thereafter. Remote also provides additional department-specific training as needed. Our privacy champions raise awareness of best practices on a weekly basis.

Individual rights

Remote is committed to fulfilling data subject rights requests in accordance with the EU General Data Protection Regulation (GDPR), whether such requests are made by EU or non-EU residents. Our infrastructure was built to enable us to quickly and effectively scan our systems in order to action, track, and log data subject rights requests.

Transparency

We carefully process the information needed to provide exceptional services for employers and employees. Every processing activity is outlined on our global website privacy policy and supplemented by various just-in-time privacy notices applicable to specific services or jurisdictions.

Records of processing and lawful bases

Every personal data processing activity, together with the lawful basis we rely on to do it, is documented in our comprehensive records of processing. The data protection team reviews these regularly together with the privacy champions in every department.

Contracts and data sharing

Every data exchange between Remote and our clients, partners, and suppliers is subject to a binding legal data-sharing arrangement. Before any supplier is granted access to sensitive data, that supplier must pass our robust vendor due diligence process. If a vendor does not pass our inspection, we do not use that vendor — simple as that. In addition, we conduct transfer impact assessments when sending information internationally, and, where necessary, we or our partners implement supplementary measures to safeguard such transfers.

Risk assessments

Remote operates a number of risk registers (e.g. legal, business continuity, information security) that help us identify, record, and manage risks to personal data. All of our high-risk processing activities are subject to data protection impact assessments that are reviewed and improved on a regular basis.

Records management and information security

Remote is audited annually for SOC 2 compliance, and our key systems are annually pen-tested. Learn more about Remote security and compliance.

Breach response and monitoring

Although our processes focus on breach prevention, we have processes in place to assess, manage, and act upon any potential data breach swiftly and completely. Remote operates an in-house breach reporting process available to every staff member. Any incident that occurs is logged and made subject to a thorough breach assessment process, then reviewed by our data protection, incident management, and information security teams.

Want to see Remote Data Protection Guard in action?

Our dedicated data protection team will be happy to talk to you and tell you more. Just access our Get in Touch form below with the subject “FAO: Data Protection Officer” and a member of our team will reach out to you as soon as possible.

Get in touch!