Work from home: Practical steps for businesses in ensuring data protection compliance
25 March 2020
Background
The Covid-19 pandemic and the government’s most recent response have led to workforces across the UK having to work from home.
This poses a number of challenges and risks for employers. One of these is how businesses can remain data protection (DP) compliant and within the scope of the General Data Protection Regulation (GDPR).
Risks involved: Case study
You have a member of staff who is working from home and they allow a delivery driver to enter the house to deliver a large package. In this instance a data breach may well occur if the laptop or computer is left unattended or unlocked where the delivery driver can see it. This is particularly the case if personal data such as names and addresses is on view. If your staff member is to work remotely you must have adequate safeguarding procedures in place.
The steps your business can take
Practical steps you can take to limit your risk include:
Adopting a work from home policy.
This can include measures in relation to how employer equipment is used and outline the staff members’ responsibilities when working from home such as not leaving a computer or laptop unlocked when it is unattended.
Prohibiting data transfers to personal devices/email accounts.
The use of personal email addresses should be prohibited. Personal email accounts are likely to be less secure than work-based accounts due to the lower levels of virus protection. One infected email can lead to a DP breach and cause network issues across your business.
Restricting access to sensitive personal data.
A remote working policy can help clearly define which members of staff should have access to certain files.
Prohibiting use of public Wi-Fi.
Using unsecured systems like these can allow others to see emails, encrypted messages and login information.
Encrypting devices.
Encryption software can be applied to an entire device or to certain files.