GDPR Compliance with Hybrid Working

Minimise Risk with Hybrid Working and GDPR Compliance

GDPR – What you need to know:

The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

Anyone who uses personal data must follow ‘data protection principles’ and ensure the information is used fairly and within the law. Personal data must only be used for specified purposes and needs to be limited to what is necessary. Find out more about the Data Protection Act 2018 here.

Minimise the Risks

Employees who work from home and handle personal data must be fully trained on GDPR and how it affects their working practices. All employees must use strong passwords. Because passwords are hard to keep track of, password managers are a great tool to keep them safe and secure. Encourage your employees to use a VPN (virtual private network) when working from home as an extra layer of security.

Company devices are the most expensive option, but also the most secure, for employees who work remotely. It should be possible to support and update the devices remotely, and measures should be put in place to prevent data loss.

If your employees wish to use their own devices for working from home, there are considerations you need to take into account before authorising this, in order to help prevent data protection and security breaches:

  • Ensure your employees have up-to-date software (including the operating system).
  • Bear in mind the likelihood of family members or other members of the household seeing sensitive data.
  • Do other members of the household share the devices? If so, how can you ensure sensitive data is not shared?
  • Encrypt sensitive company data; multiple third-party hard drive encryption solutions are available.
  • Discourage the practice of storing or transferring sensitive data to insecure storage devices such as USB sticks.

Security Checklist:

  • Up-to-date policies for remote working.
  • Make sure all your employees (and you) are fully trained on data protection and how to remain secure when working remotely.
  • Guidance on working remotely for all employees.
  • Ensure all employees use strong passwords and utilise multi-factor authentication where possible.
  • Ensure employees use company email addresses when dealing with sensitive data.
  • Control access so that employees only have access to the data they need and nothing more.
  • Ensure all employees have up-to-date antivirus software installed (and turned on) on any personal device being used for work.
  • Ensure you use a corporate VPN to keep connections secure.

When Employees Leave

To protect against data loss, you need to make sure you remove access to the company email address immediately. Remove access to all applications, and disable, retrieve and wipe any company-owned devices.

On leaving, ask the employee to sign a document acknowledging they have returned any company-owned devices and that they haven’t kept any company data.

Written by Ben Hemp from File Genie who is a member of Peterborough Business Directory.
