GDPR and Working From Home
With remote working set to continue for the majority of office workers it may be time to review your documentation and data you have gathered over the past few months. Where are you storing them and who is liable if something goes missing?
When working from home the same GDPR rules apply, but are you following them when working from home?
Data Protection
Every time a company gives an employee a new way of accessing data it puts that information at greater risk. Remote working from unsecure networks make it harder to verify the when, how and who is responsible for when data has been breached.
Many breaches have occurred from documents being left on public transport, USB sticks falling out of someone’s pocket or laptops being stolen so only have local companies of data you absolutely need or use encrypted USB sticks to minimise the chance of data being accessed. Setting strict access rights means that, should a criminal get hold of the employee’s laptop or other work device, they would only be able to view a portion of the company’s data.
Privacy
Many companies will suggest a tracking software to locate stolen a device if it becomes stolen. But that raises a privacy question as it also mean it can potentially track an employee and their activities.
We suggest asking your employer for policy rules around tracking, how that data can be used and are you in your rights as an employee to use the device out of hours. As many people working remotely are working a somewhat flexible workday it is important to make sure you are covered in case the boss decides to start minute counting. Employees may not be aware of what personal data are being processed and for which purposes, whilst it is also possible that they are not even aware of the existence of the monitoring technology itself.
Disposal
To be GDPR compliant at home means proper disposal of paper based data.
While electronic data security is high on an organisations agenda, many fail to adequately address security of paper based data. This is even more important when you are working from home as you are handling valuable data in an area that is not your place of work. In reality, it would be a costly and detrimental mistake to assume that paper based security risks have gone away.
Shredding paper based documents can help companies to meet GDPR requirements by providing an effective way of disposing of data securely to prevent access by third parties, as you are liable if a data breach leads to an individual’s information being stolen.
A key component of data security is proper paper disposal. Unshredded documents can be read by anyone, which can lead to sensitive information being breached. Shredding protects the reputation of your brand, your intellectual property and your sensitive commercial information.
