S 3.2 Commitment of staff members to compliance with relevant laws, regulations and provisions
Initiation responsibility: Data Protection Officer, Head of Personnel, IT Security Officer
Implementation responsibility: Supervisor, Personnel Department
When employees are hired, they should be committed to comply with the relevant laws (e.g. for data protection), regulations, and internal provisions. This is intended to familiarise new employees with the existing regulations and provisions on information security and to motivate them to comply with these regulations and provisions. It also makes sense not only to commit the employees, but also to hand out the required copies of the regulations and provisions and to have the receipt acknowledged, and/or to keep them permanently available for inspection by the employees at a central location. Suitable information about new laws and provisions should be provided, e.g. using the intranet.
All employees should be made aware that all work results and all information obtained at work are intended exclusively for internal and official use. Furthermore, the employees should be made aware that they must check beforehand whether the disclosure of personal or confidential information is admissible. This also applies to data protected by licensing and copyright laws.
Review questions:
- Are the employees committed to comply with all valid laws, regulations, and provisions?
- Do the employees know the legal framework governing their work?