With many Brits back to working from home until at least mid-February, experts reveal what both staff and employers need to do to remain GDPR compliant.
From accessing work-related emails on personal devices to correctly disposing of confidential print outs, remaining GDPR compliant when working from home can be tricky but it’s essential to avoid penalties and potential data breaches.
With this in mind, experts from confidential shredding and records management company Go Shred share their top tips for both home workers and their employers on adhering to the strict GDPR guidelines in the UK:
Only use approved technology
The best way to keep information secure is to stick with approved devices when accessing work-related documents and emails. Employers should provide staff with the technology they need to carry out their duties, so there should be no need to use personal items.
The approved technology supplied to staff should be password-protected and encrypted. Laptops, desktops or tablets should have up-to-date antivirus and antimalware software, which personal devices may not have to the same standard. This software should be kept up to date to avoid being targeted by hackers.
Workers should also refrain from downloading email or messenger apps on their personal devices to conduct work, as this could be considered a GDPR breach if confidential information is accessed.
To avoid loss or theft of these devices, all items used to conduct work-related activities should be stored away securely at the end of the working day.
Since the GDPR regulations came into play, organisations have created policies, procedures and guidance to ensure compliance. It’s essential that these are reviewed and kept up to date now that staff are working remotely. Employers should review their current cybersecurity framework and adapt it to cover the new working from home reality.
Organisations should then update staff to make sure they understand their responsibilities under the GDPR whilst working from home. Holding training sessions and creating regular lines of communication for employees to ask questions and report any concerns should be a priority.
If you’re unsure about your own responsibilities under the GDPR regulations, speak to your data protection officer, cybersecurity team, IT department or business leaders and request further information.
Take care with print outs
When you’re in the office, it’s likely that you’ll have confidential waste bins to dispose of print outs, but this might not be the case in your home office. Printing anything from meeting agendas to expense forms, CVs and internal documents could put you at risk of breaching GDPR regulations. Businesses should consider how they can work with their existing confidential waste management companies to support the correct disposal of these items, with products such as mini shredding bins and remote collection now available.
You should also be wary when it comes to making handwritten notes during working hours, as these may contain confidential information. Make sure you follow your employer’s existing guidance and safely store any print outs or handwritten documents until they can be disposed of securely.
Downloading documents or files online comes with a range of risks. Firstly, the website you’re downloading from may not be secure, meaning hackers could gain access to your network and in turn confidential information. When working from home, try to be extra vigilant when it comes to accessing unsecured websites and do not open web links or attachments which appear unsafe.
Secondly, downloading files directly to your laptop or desktop means that information is then stored there, so if it’s stolen or lost, the download disappears too and the information is then at risk. Where possible, you should access data remotely through your work’s intranet or shared documents system.
There are many considerations to be made when it comes to secure communication whilst working from home. Your first port of call should be where you set up your home office: don’t have your screen facing a window or open door where people may be walking past and can see information. If you leave your workstation for any reason throughout the day, you should close your laptop or turn off your screen.
Stick with the communication facilities provided by your employer where available, and only use secure messaging apps and approved document sharing systems. If you’re unsure of how secure your emails are, password protect documents and share passwords on a different channel.
And finally, if you share your home or working space with others, try to ensure you’re holding conversations and meetings where others cannot overhear, and position your screen where it is less likely to be seen by anyone around you.
Mike Cluskey, Managing Director at Go Shred said: “Working from home demands a different security standard than being in the office, especially when it comes to data security and disposing of confidential information.
“Although remote working has become the norm for many people, it is still daunting for both employers and home workers to think about GDPR compliance, which requires businesses to keep all personal data private and secure.
“Companies of all shapes and sizes need to ensure GDPR compliance. Whether you're a startup or a well-established organisation, sticking within the existing guidelines is essential to avoid fines and reduce the risk of data breaches. We urge business leaders to look at their existing practices both online and offline and consider whether these are still working for their remote staff. Homeworkers should also take extra precautions to make sure they are doing everything they can to protect confidential data and information.”
To find out more about staying GDPR compliant when working from home, please visit: https://www.goshred.co.uk/go-shred-blog.html