hello and welcome to our new episode at Virtual Frontier. today we have Manuel Pistner and Olga Stepanova as our guests. Olga is a lawyer at the law firm Winheller in Frankfurt, a law firm that specializes in IT as well as non-profit organizations and tax and business law. today we simply want to talk to Olga, the legal side of home office and remote work and all the general conditions. but before we start talking, i would like to ask you to introduce yourself to Olga, just briefly introduce yourself, who you are, what you do.
yes of course, i am a lawyer and external data protection officer at Winheller in Frankfurt. my main topics are especially data protection law, but also it and it-law, i mean everything to summarize it, what digitalization concerns is my profession. and yes, i am very happy to be here today on the topic of remote work and home office, because it concerns us as a law firm as well, of course. and i am also very curious about your questions and also impressions outside the legal area, but how you perceive home office in general.
you have already gone a very interesting way as a law firm years ago. as i understood it, there is almost no paper in your office anymore. and you are very digitally oriented. maybe you would like to say something about how your office is set up, how it came to be, would interest me very much. this is what the founders or the heads of the law firms said, we want to say that we are a law firm that works fully digitally and gives the employees the possibility to work from where they want to.
exactly, the idea has always been there to be a little bit progressive and to really see what is possible with new technology. in other words, right from the start there were no paper files. it means that we have everything electronically in our databases and are therefore extremely flexible with regard to working locations, working hours and other things. that means that everyone has access to everything when they are on the road, of course, as far as it is necessary.
yes, need to know basis and co. but that makes things much easier, of course. that means that i am on the road nationwide as data protection officer for many companies and organisations for the public sector and can also work from my hotel room in the evening without having to carry a mountain of files with me. in addition, the IT infrastructure has always been set up in such a way that it is possible. no one expected Corona like now, of course, but we have 85-90 per cent of the
What does that give you personally to do the work where you want to?
i'm less stressed, i think, as far as the place is concerned. yes i know, this is my to-do list, these are my prios, i want them done today. but i don't have to stress myself. how do i get to work on time? how do i get to a meeting on time and how do i get there and back? that means i'm fully equipped with my laptop, which somehow weighs one and a half kilos, and i don't have to worry about where my files are, whether they are in frankfurt or in court or wherever.
i have everything with me, everything i need, and i think that's a significant advantage is that you might have this loss, which you also have when you commute a long time. there are certainly colleagues who commute a long way to frankfurt. that's the norm. that this time is not lost, but used productively, and what you have saved can then be used for friends, family, hobbies or simply relaxation, instead of somehow i
i have a question for you. there are still enough companies that say, man, we don't want this kind of work, or most of them don't say we can't, because and often the legal framework is what you hold on to and say, i don't have to move, because through DSVGO and all the legal regulations there are, i can't do that, i can't. What really keeps companies from taking the legal step and saying, "We work where we are, all over the world"?
Okay, and in practice, from your experience, What, why don't you do it if it has so many advantages?
i have to say that the companies i work with are very progressive in this respect. not because i somehow always work with progressive companies, but because there are a lot of companies in the industry and they noticed early on that you have a struggle for talent and that you can't guarantee that everyone is there at the same time in one place. yes, so war for talents, is particularly extreme in this area. i have clients who have outsourced everything to other countries and do programming services etc.
there's no pressure to tell them anything. yes, then our developers are sometimes in hamburg, sometimes in munich, sometimes in the countryside on alpine pastures and as long as you somehow have a decent internet. i just believe that it's very much down to the medium-sized companies who say: we've always done it this way, there was never a home office. i want to see the people, classic face timing. i then have the feeling that i'm in the right place at the right time.
And now, of course, the question that interests me most: Do court hearings and negotiations already take place virtually?
yeah, well, i actually had an appointment at the regional court in wiesbaden two weeks ago. it wasn't postponed. now i have to think about what i'm saying. in any case, it was compulsory to wear masks, etc. i had also talked to another judge from another chamber, and she said to me, well, actually she would prefer to question people without a mouth guard if it was somehow an interview with witnesses. then she would rather question them digitally than wearing a mouth guard in person in the courtroom.
i thought it was kind of interesting. the judge was from an older semester. in this respect, you can't say that it is now an age problem that older semesters don't want to set themselves up digitally. i don't believe that. i would have had another hearing right now, at the end of may was actually postponed to september. also on the grounds of corona. well, we could have done it digitally. the code of civil procedure also sees it
If negotiations were organised digitally in this way, who would be responsible for the technical direction, the court?
good question, yes, you first have to look at it from a data protection point of view. who is the responsible party anyway? either the court would be the responsible party, alone. i find that difficult. i would almost say i don't know whether we might even have a joint responsibility between the parties and the court. on the other hand, the court will probably be the one that provides the tool. so could the court also be the processor for the parties because it provides the tool?
that would have to be looked at more closely in the end. but i would in any case say from an IT security perspective that the tool and the accesses must definitely be provided by the court system, because otherwise there would be a problem if somebody were to run his own - i don't know if the plaintiff would run it over his servers, then he would ultimately have it in his hands, and i don't think i would like that at all.
In the last few weeks and months, one can already say that there have been very, very many companies that have gone into the home office, continue to practice remote work with their employees and have also recognized that it is a possibility to interact with the employees. But the legal framework conditions are somehow still relatively vague, or perhaps they are already in place with centralized process management. But the companies may simply not yet really know what the framework conditions are. What must the top two or three points a company pay attention to if it now sends employees permanently to the home office or offers the possibility that employees work remotely from where they want to?
the main points are of course data protection law on the one hand, then i guess at point 2 occupational safety measures and now one could consider what that is, whether it is tax law, tenancy law or maybe insurance law. it is of course already the case that everyone is talking about it somehow, yes, what about data protection. but there are certainly other legal matters that play a role in any case. best example. i don't know. i am sitting in my home office, want to make myself a coffee, scald myself at the coffee machine.
is this an occupational accident or not? is that somehow insured then? does my employer have to see that my chair i am sitting on is somehow ergonomic or not, somehow occupational safety aspects. but essentially, i think it will come down to the fact that it has to be set up properly in terms of data protection law and also IT infrastructure. the usual things are of course, if i am referring to personal data
how about if i... you just said right now, i need a shredder if i still have paper at home. suppose i don't need paper anymore because i'm consistently digitizing everything? now you said yes, okay, we have to see that if we have employees who have any data on their private device or even have data on their device, that it's all encrypted. if i move everything into the cloud now. i don't have my own servers anymore.
i don't have my own software that i install on my local pc, no local file storage. do i still have the issue then, or is the cloud really the carefree package, and i don't have to worry about all those physical devices anymore?
if you work completely out of the cloud and don't do any local caching. in my opinion, the cloud is the best way to do things because everything is centralized in one place, preferably also to avoid data garbage, one has to say, is it that the files that are being worked on, I don't know, documents, lists, whatever it may be, that you replicate them, don't make a backup copy here and there, but really work on everything in one single file in one single file.
of course you should take into account that this cloud might be located in the EU. i don't want to badmouth US solutions per se or solutions from other third countries. i don't want to badmouth US solutions or solutions from other third countries. i don't want to do that at all. but it is already easier to get to a data center if it is located in Düsseldorf and not in San Diego. so you can certainly think about that. i'm a friend of cloud anyway, because i think that yes, i mean, of course i can look if
But many people do it anyway, and I keep hearing them say, especially in conversations with companies, that people here in Germany are so nailed down when it comes to data protection that our hands are tied. We cannot actually go digital. What is your opinion on that?
i think this is perhaps either a mix of lethargy regarding the topic of digitalization, and perhaps also ignorance. i have nothing against a good german data center. after all, you have to think of it that way, depending on what kind of data i process, personal or non-personal data. it may well be, i'm an engineering company. the personal data from here is fine, a few customer data, name, address. but perhaps much more exciting are all the drawings, i.
e. the non-personal data. and that's actually the main asset in our now service-oriented society. so i have to make sure that this server, on which everything is stored, that the backups run properly, that everything really works flawlessly. perhaps it makes much more sense to give it to the cloud, where this security measure is not only independent of data protection, which only refers to personal data, but also to real data protection.
Manuel There I had stopped with the new questioning.
in the last few months, we have also had to deal with the fact that many companies have sent their employees home. but the management in the way of thinking relatively still in the traditional way of thinking many managers who also want to control their employees. we already mentioned this very briefly at the beginning. also the subject of control. there have also been reports in the press in the last few days that companies have their employees being shadowed by private detectives at home, as far as work performance is concerned.
what can you say about this, as far as the legal aspect is concerned, as far as the conditions are concerned and maybe also your, your personal opinion on this in general?
legally, you have to say in any case. because i work at home, of course i am also protected by basic rights, that is, my right to the inviolability of my home. so if someone hires a private detective to enter my premises, on the balcony, anything else, then that is of course trespassing, and that is also quite clear. there is a ban on total surveillance, it is in any case not allowed, for example, to install any keyloggers or anything else on the PCs of the employees in order to then, i don't know, take screenshots every half hour to see what the person is actually doing?
of course, something like that is not allowed. something like that would be very, very, very difficult, if at all, but very, very difficult, that is, if an employee agrees to it. but i have justified doubts about that, i think of the voluntary nature of such a consent. that is, in my opinion, in any case not okay. what is okay is, of course, the fact that the employee is not allowed to do that.
Yes, Manuel in any case... What kind of entrepreneurs do you have who listen to you in the episode and perhaps think more in terms of control than as a tip than advice? Because you have been consistently relying on Remote for several years now when it comes to your colleagues and employees. What can you give them?
i would even say that since we work more with freelancers, we currently have over 150 freelancers in 67 countries and they can leave whenever they want. they can leave overnight. that is, if i control and tell them what i should do, and say look out, tomorrow i'll be standing in front of your door and see if you're sitting at your computer and somehow producing 120 keystrokes per 10 minutes. then tell me tomorrow, ciao! because they simply don't depend on them working with me, but rather on the good ones in the morning in their new job.
i would say the independence that freelancers have, but also the independence to find the right people for me when i need them. i can only do that if i really have trust. but now i don't mean blind trust. it's not about blindly trusting people and saying, "come on, you're on my team now, you're doing something, and i trust that on
and only if i can tell the employees and control it, i can exercise the power. and that's just the leadership style that consists of the old economy. i believe that this will be less and less accepted in the future, especially by employees, and those who still lead like this today will find it even more difficult to find good employees in the future. what you can do now is first of all to really think about it. what do i expect as output from the employees and to write that down?
what has to be the result that i say i get what i want from this employee and i don't have to control the person anymore. you can practice that. you can practice that with the top employees. just say, just write it down. what are your KPI's? what is it that you really deliver in terms of results? and then you can review and coach each other and then just say okay, i don't tell the employee what to do anymore.
i just ask questions, so lead by question, not by saying. and practice that for a week. that will be just for the control pressure and always say do this, do that, and do you actually, do you actually, do you actually, become quite a challenge. but i think it is a first good exercise to lead by result instead of by presence.
I was also quite shocked to hear the last few days that such a private detective agency can easily cost 2000 Euro per day and per case, but I think that the money would be much better invested in the employees and maybe in training them to work for results.
Or a psychologist to the manager who hired the detective.
we were talking earlier about the cloud trend. if we look back ten years or 15, i don't know exactly. this trend just came up, and many people said yes. oh, that's evil, and i need the server under my desk, so i know exactly where my data is. now it's like that today, the standards in the data centers are all much, much, much, much higher than the standards under my desk. and there are also a lot of consultancies and foresters who say that in ten years, the companies that don't have a cloud strategy today will no longer exist.
what if we go further than that? i mean, the reason is companies want more security, more flexibility, and don't have to take care of everything themselves. i don't want to worry about infrastructure. i want to do my job, you as a lawyer, us as a service provider for digital projects and marketing. what will it be like in the future when freelancer Tren
if by that you mean that you have a pool of freelancers and you just look. i don't know which platform, i have no idea upwork, is somehow very trendy, or even services that you offer. thanks again. i can well imagine that the labour market as a whole is simply changing because people are becoming more flexible, and the labour market is also becoming more flexible, and you can certainly ask yourself whether it makes sense to have so many people permanently employed.
i don't know. i always have a bit of a stomachache, even when i think temporary workers are temporary workers. i think that's a highly political and philosophical question. i can well imagine that the trend will simply grow for those who feel like it. and i believe that, or at least that's how i feel. i say that my work has to fit my life. and not necessarily the other way around. in any case, i'm one of those people who likes to work very much and who is very interested in what i do.
at Flash Hub like Manuel said before. at Bright Solutions we work with freelancers all over the world. i myself am also based here in Mexico and we have employees all over the world. if a company in Germany, for example, says OK, we are open-minded, we can imagine to work together with employees and colleagues in other places. but they are still somewhat sceptical and maybe have concerns about security. if i have employees in India or Mexico, for example.
what is important, what is the basic building block to ensure a reasonable cooperation, both in terms of legal matters and security?
Manuel did you have another question?
Why did you become the freelancer?
yes, i became a freelancer because i find that i have the possibility to work for different projects and companies, just like olga just said. freedom was a big issue for me. then being able to work, what many people in the home office are now experiencing in a new way. ok, i can set my working hours when i can really do my best. so this classic 9 to 5 is rather difficult for me. i have my peak times, just tomorrow and then the afternoon again, and between 12 and 2 pm it's rather difficult to work with me.
as a freelancer, i can simply say that i'm not available at that time. and with my clients it works very well. i can say that again, why i became a freelancer. how did you experience this in the last weeks and months regarding the changes in companies you know personally
well, i'll say. due to corona's compulsion, no one has any reservations anymore about whether it works if you work together remotely digitally, but the question is rather how does it work better? personally, i'm in seventh heaven because i save so much time. i now have at least eight to twelve hours a week, which i easily save because i don't have to transfer my body from a to b just to do the same thing i'm doing here, which is communicating.
most meetings that don't require us to touch each other, we just talk to each other, and i can do that completely digitally. and that's where i save myself so much time. i think it's really great. and i would like to see this acceptance of digital collaboration so that it remains. it's good for the efficiency of companies. it's good for the employees. it opens up the possibility for companies to also have a digital meeting.
Definitely. what i've taken away from the Olga is that it takes work when companies say we're opening up these channels, to remote, to home office, but the actual hurdles are relatively small. so it's more the work of saying we want it. and what is really needed to implement it? then it's mostly an implementation issue, but less the question of whether it's possible or whether there are legal concerns.
exactly, and one more thing perhaps at this point. yes, it's not somehow exorbitant what it now requires in terms of implementation, purely legal implementation. there are the odd data protection supervisory authority that has already passed checklists. it's really not, i know, so incredibly complicated to do that anymore. and even if it costs two, three, five ten hours of a lawyer or data protection officer. if you just think about how much the rents in frankfurt cost, for example, and you really, as i said, stupidly take a calculator, you can certainly calculate that this investment might be worthwhile.
we've already joked at our office right in front of my office another skyscraper is being built, and we've already joked about whether it will be rented out so quickly, because maybe one or two companies have had the idea of renting office space.
So is mine.
mine too. i live here in a village that doesn't even have 900 inhabitants. i think it's totally great. i have my peace and quiet. i'm two steps away in the woods. i'm also in cologne in half an hour. i'm in frankfurt in an hour. but actually i'm rarely there, because when i see some friends, which isn't possible at the moment. for me it also has huge advantages. here the living space is cheaper, here i have my peace and quiet.
it's great. i have another question. we had already done a project together before and said it earlier. thank you very much, can you maybe even say a little bit about what your experience was like?
yes, my experience was exciting. i won't be able to tell too much about it now. the background was this: we were planning to make a company acquisition, and like most company acquisitions that we accompany here at Winheller, it was really with an IT focus, meaning that in the end the company was not so incredibly interesting, but rather the technology, the software behind it, the code. and the client approached us and said, ok, you can carry out an IT due diligence and I'll tell you the rest, of course you can carry out employment contracts, etc.
, whatever is involved in a normal share purchase deed. but we have a point. we need a technical due diligence. so i said, first send us the document with all the stuff you have. and i found out that it wasn't ten or twelve different programming languages in which the code was written, or corresponding parts of it. it was just a matter of time.
i was also very impressed. that's why it was so exciting that the project is taking place in a legal environment. and i never expected that we would get a law firm as a client that would hire a virtual team for a technical due diligence. i was really excited about that. it wasn't quite one day, i think it was three days until the whole team was there. but there were really six or even eight freelancers really from the US to Bali and via India to Portugal i don't know where.
it was a really exciting project, it lasted over two months. i also thought it was really cool. thanks again for joining us.
Yeah, I'd love to.
I think we have now discussed some interesting and important points regarding the topic of home office and also the legal framework. dear Olga, if companies or people want to contact you, what is the best way? how can interested parties or customers approach you?
Everything that is possible, by phone, by e-mail, by carrier pigeon, everything. I can be reached in all ways, digitally above all. That means just let me know, call here in the office or simply write. We will get back to you relatively quickly.
So I'd like to thank you both again, Olga and Manuel for your participation and your input on the episode, and I'd like to thank our audience again and I'll see you next time, here at Virtual Frontier.
Thank you both!