A new age: working from home and GDPR

The sudden emergence of Covid-19 and subsequent government guidelines that were released in an attempt to reduce the spread of infection has dramatically impacted the workforce in that a large number of those that are able to work from home are now doing so.

Although working from home may have its own perks, it can also bring with it several problems, mainly in the form of data protection issues. This is because individuals are no longer protected by a company IT infrastructure which may result in breaches under the GDPR. As a result, businesses must now take extra care to ensure they remain GDPR compliant.

What GDPR issues may arise from working from home?


1. Personal data being stolen

Cyber criminals have now taken to sending scam emails related to Covid-19 that entice victims into visiting websites used to steal valuable data. Any loss of personal data is a breach of the integrity and confidentiality principle of the GDPR and must be notified to the Information Commissioner’s Office (ICO). Consequently, the company affected may be exposed to fines or lawsuits from those impacted.

Businesses must consider providing staff with extra training on the relevant policies. Email filtering systems should also be considered to minimise these risks.

2. Personal data being exposed

For individuals working from home, there is an increased risk for accidental exposure of personal data to other family members. Companies should ensure they have taken the necessary steps to minimise this risk by training employees to be aware of their responsibilities in safeguarding personal data. They can also provide employees with privacy screens to minimise these risks. Consideration should also be given to whether company devices should be allowed to be shared with the employees’ family.

3. Personal data accessed via unprotected devices

Some employees may work from home using their own devices. This may give rise to exposure of personal data as personal devices do not usually have the same level of protection as company devices. If companies do allow employees to work from their personal devices, then they must implement a bring your own device to work (BYOD) policy, whilst also ensuring the BYOD policy does not affect the employees’ right to private life.

The solution to GDPR issues when working from home

With a large percentage of the UK workforce now working from home, it is becoming increasingly imperative for companies to regularly review the current training and procedures in place to ensure they remain compliant with the GDPR. Failure to do so, may expose companies to fines or court proceedings which can lead to adverse consequences.

CONTACT CHRIS

If you would like more information or advice relating to this article or an Employment law or Data Protection matter, please do not hesitate to contact Chris Cook on 01727 798089.

Read our latest views & insight about the GDPR
SA Law Red arrow neon light image
Views & Insights
Data Protection and workplace coronavirus testing

Managing the data protection challenges of workplace coronavirus testing

Read More
GDPR Numbers Image SA Law
Views & Insights
EU-US Privacy Shield declared invalid

The European Court of Justice (ECJ) invalidated the EU-US Privacy Shield as an appropriate mechanism to meet the GDPR’s cross-border personal data transfer…

Read More
SA Law Red arrow neon light image
Views & Insights
GDPR: two years on

Chris Cook examines a recent report from the European Commissions review of the GDPR, two years on.

Read More
SA Law Red arrow neon light image
Views & Insights
Data protection and the coronavirus pandemic

Good news: The ICO provides clarity on common areas of data concerns during the unprecedented coronavirus pandemic.

Read More
SA Law Red arrow neon light image
Views & Insights
Data protection and school photographs

ICO shares guidance following two schools being reprimanded for distributing photographs of pupils without parents’ consent.

Read More
SA Law Red arrow neon light image
Views & Insights
GDPR one year on: make sure your small business is compliant

Chris Cook shares vital tips for SMEs who haven't done anything to abide by GDPR, and how they can start going about compliance.

Read More
GDPR Numbers Image SA Law
Views & Insights
GDPR one year on

Subject access requests and complaints have been commonplace since the GDPR came into effect. Find out more about the trends and traps.

Read More
SA Law Red arrow neon light image
Views & Insights
What to expect in Data Protection Law in 2019

Our Data Protection Team highlight what we can expect to see from the Data Protection Act in 2019 and the potential impact of E-Privacy Regulations.

Read More

© SA LAW 2020

Every care is taken in the preparation of our articles. However, no responsibility can be accepted to any person who acts on the basis of information contained in them alone. You are recommended to obtain specific advice in respect of individual cases.