During the current health crisis, individuals and businesses alike are learning how to cope and adapt to the unprecedented challenges we all face. For many of us, myself included, this means uprooting from our workplaces and cobbling together a makeshift office in our front room, kitchen, or some neglected back bedroom piled with boxes full of knick-knacks and tat.
Wherever it is in your house that you now call “the office”, you may well be wondering how working from home affects your GDPR obligations. Are you allowed to carry out your usual responsibilities? Do you need to invest in expensive software? Should you lock your office door and install security cameras around your laptop?
In short, yes, no, and absolutely not. Whilst nothing has changed with regards to the law itself, the ICO, who are responsible for enforcing the law, are very aware of the current strain the current situation is placing on businesses worldwide and will take that into account where relevant. Their website states:
We understand that resources, whether they are finances or people, might be diverted away from usual compliance or information governance work. We won’t penalise organisations that we know need to prioritise other areas or adapt their usual approach during this extraordinary period.
That said, the law still applies. Here are just a few tips to stay compliant with data protection laws whilst working from home:
Use your work laptop
If your work involves processing personal data, your employer should have ensured that your laptop is properly secured. It should be at least password-protected and have up-to-date antivirus and anti-malware software. Your personal laptop, home computer, or tablet may not be protected to a similar level – especially if you keep clicking “later” on that annoying antivirus update window that pops up every time you turn it on – so avoid using it if you can.
You should avoid downloads for two reasons. First, downloading from a non-work-related website is always a risk, especially if the website is unsecured. Avoid doing this unless it’s absolutely necessary.
Second, you should avoid downloading files from any source, including work-related sources. Your laptop could be lost or stolen, meaning the data you’ve downloaded is lost too. The same is true for data saved onto a memory stick or printed out, these can both be easily lost, misplaced, or stolen.
Where possible, access data remotely by logging into your work’s intranet or using shared documents.
Keep your data hidden
When you set up your new office, take into account who can see your screen. Don’t leave it facing windows or open doors where people walking by your house might see personal information. Lock your computer or close your laptop if you’re going away for any length of time.
If you ever believe that there’s been a breach, whether you think you’ve lost or misplaced information or that it’s been stolen or seen by somebody who shouldn’t have seen it, report it to your manager. All your usual GDPR obligations still exist and the ICO still needs to be informed within 72 hours (if the breach is severe enough to warrant it).
It is essential that employers take steps in helping employees that handle data understand their responsibilities under the GDPR.
One of the most effective ways of having your employees understand their responsibilities under the GDPR is by offering them a short training course that covers the key components of the legislation.
Here at iHASCO, we offer an Online GDPR & Cyber Security Training Course Bundle that includes a range of courses that cover data protection regulations and cyber security.
The bundle includes courses like:
- GDPR Essentials Training (UK & EU versions available)
- GDPR Advanced Training (UK & EU versions available)
- GDPR UK in Education Training
- Cyber Security Awareness Training
- Fraud Awareness & Prevention Training
Claim your free trial to any of these courses today!