The GDPR, or General Data Protection Regulation, which came into effect May 2018, has drastically transformed the digital landscape.
Chances are, it has also affected how your workplace secures paper data, handles cybersecurity, and protects user information.
But when it comes to remote work, employees are left guessing. In fact, HRZone’s 2020 report on HR trends found that 57% of employers didn’t have a formal remote work policy.*
So how does the GDPR apply to remote workers? Can you even remain compliant while working from home? This is what we’ll answer in this short post.
Does the GDPR Apply to Home or Remote Working?
That’s an easy one: the answer is a resounding yes. The risks of a data breach or losses are just as high at home as in the office, probably even more so if you don’t have the right processes or equipment setup.
This could have dramatic consequences for companies of all sizes, including lengthy legal proceedings and hefty fines. It is therefore in everyone’s interest to create a remote work policy that goes into as many specifics as possible about how remote workers handle sensitive paper based data.
What Should a Remote Working Policy Cover?
While every business will handle remote work policies differently, there are a few general guidelines to follow:
How to Handle Home Encryption and Security
Here again, it’s hard to come up with a one-size-fits-all policy, but generally you’ll want to ensure your Wifi network is secure, and that business digital files are properly encrypted. Elsewhere, common sense applies; you should lock your screen when not in use, use strong passwords and 2FA (2 factor authentication) when possible.
The IT department could also set up a device monitoring tool, to ensure no suspicious traffic is coming or going to the remote worker’s computer. It’s common practice to use a VPN, or Virtual Private Network, to ensure any communication or file transfer is under control.
Having the Right Home Equipment
Going back to the HRZone report, one of the biggest complaints from home workers is that they lack the proper equipment. 40% or remote employees said they did not have the right tools.*
That equipment will include software and hardware as well as consumer electronics. Computers and laptops with the appropriate security tools for login, encrypted removable devices, and even business machines to dispose of important information such as paper shredders.
Do you really need to Shred Documents?
Once again, the answer is yes. Many people assume the GDPR only covers digital data, while in fact it also has strict guidelines on how to deal with paper-based sensitive documents.
It is highly recommended that you shred documents that have been removed from your workplace and taken home for business use. This also applies to any sensitive or confidential documents that you print yourself at home for business or personal reasons.
This is where having the correct paper shredder can go a long way in helping you remain compliant. Generally speaking, you should ensure:
Key takeaways
Contrary to popular belief, the GDPR doesn’t only cover digital data. It also describes how workers, both at home and the office should handle paper data.
So, whether you’re a business owner, executive or employee, it is your duty to ensure that all data is properly handled, encrypted, protected, and disposed of.
And just remember that GDPR protection at home starts with the right remote work policy, but also the appropriate tools and equipment.
Find out more
To find more about our Rexel Secure range, which are the ideal shredders for home working, contact your banner account manager or visit our e-shop at www.banneruk.com/Shop
Join us on LinkedIn or follow us on Twitter. Or subscribe to our blog for notifications on our latest articles by adding your email to the subscribe box at the top of this page.
Sources:
*https://www.hrzone.com/community/blogs/menna-shalaby/remote-work-and-gdpr-7-steps-towards-compliance