A new age: working from home and GDPR

Mon 29th Jun 2020

The sudden emergence of Covid-19 and subsequent government guidelines that were released in an attempt to reduce the spread of infection has dramatically impacted the workforce in that a large number of those that are able to work from home are now doing so.

Although working from home may have its own perks, it can also bring with it several problems, mainly in the form of data protection issues. This is because individuals are no longer protected by a company IT infrastructure which may result in breaches under the GDPR. As a result, businesses must now take extra care to ensure they remain GDPR compliant.

What GDPR issues may arise from working from home?

1. Personal data being stolen

Cyber criminals have now taken to sending scam emails related to Covid-19 that entice victims into visiting websites used to steal valuable data. Any loss of personal data is a breach of the integrity and confidentiality principle of the GDPR and must be notified to the Information Commissioner’s Office (ICO). Consequently, the company affected may be exposed to fines or lawsuits from those impacted.

Businesses must consider providing staff with extra training on the relevant policies. Email filtering systems should also be considered to minimise these risks.

2. Personal data being exposed

For individuals working from home, there is an increased risk for accidental exposure of personal data to other family members. Companies should ensure they have taken the necessary steps to minimise this risk by training employees to be aware of their responsibilities in safeguarding personal data. They can also provide employees with privacy screens to minimise these risks. Consideration should also be given to whether company devices should be allowed to be shared with the employees’ family.

3. Personal data accessed via unprotected devices

Some employees may work from home using their own devices. This may give rise to exposure of personal data as personal devices do not usually have the same level of protection as company devices. If companies do allow employees to work from their personal devices, then they must implement a bring your own device to work (BYOD) policy, whilst also ensuring the BYOD policy does not affect the employees’ right to private life.

The solution to GDPR issues when working from home

With a large percentage of the UK workforce now working from home, it is becoming increasingly imperative for companies to regularly review the current training and procedures in place to ensure they remain compliant with the GDPR. Failure to do so, may expose companies to fines or court proceedings which can lead to adverse consequences.


If you would like more information or advice relating to this article or an Employment law matter, please do not hesitate to contact Chris Cook on 01727 798098.

Read our latest views & insight about the GDPR
How can we help?

© SA LAW 2024

Every care is taken in the preparation of our articles. However, no responsibility can be accepted to any person who acts on the basis of information contained in them alone. You are recommended to obtain specific advice in respect of individual cases.