The current situation has seen an unprecedented number of employees working from home every day, including those who have rarely worked remotely before, if at all. Iain Bourne explains why this could pose a data protection threat and gives some tips on securing data at home.
Working from home - what about GDPR?
The Information Commissioner's Office (ICO) has signalled that it will take the current circumstances into account when considering enforcement action under GDPR. However, the ICO will still expect employers to take appropriate action to protect information they are responsible for when their staff are working from home.
We know staying in touch with your team is your priority right now, so we’ve put together a list of the important things they need to remember to maintain data protection standards and remain compliant with GDPR:
Use work-provided devices to store and access work information wherever possible. Avoid storing work information on personal devices unless authorised to do so.
Try to maintain a safe area when working from home to make it easier to hold confidential phone calls. Don’t forget to tidy up papers and lock devices away at the end of the day.
If printing is enabled, make sure any confidential documents are in secure storage and are shredded if no longer used. Papers that cannot be securely disposed of should be secured until they can be returned to the workplace for secure storage or destruction.
Position screens and papers so that they cannot be read by others. In data protection terms family members are just third parties to whom information must not be disclosed.
Do not be tempted to show interesting work information to family members or others in your home. This would constitute an unauthorised disclosure in data protection terms.
Don't use work devices to do personal internet browsing or to conduct other personal business, unless authorised to do so.
Do not connect work devices to networks unless these are subject to suitable security as set out in the relevant security policy.
To protect your own privacy, disable cameras and audio recording devices if not necessary. Lock your device when not in use.
Stick to the usual rules when sharing information with third-party organisations, eg, encrypting attachments and verifying recipients’ details.
Next steps for data protection
If your people follow the simple rules above when working from home, this should reduce the risk of a data protection breach and put you in a reasonable position if one occurs. This does not mean that the ICO won’t take enforcement action, but the likelihood of this goes down if you can show that you took reasonable measures to make your staff aware of the rules.
Contact Iain Bourne for more information on data protection when working from home.
Data analytics and COVID-19: making informed decisionsFind out more
Businesses in lockdown are a target for cyber crime