If your organisation's GDPR policy doesn't cover remote working, it probably should.
With personal data breaches leading to a potential fine of nearly £18 million pounds or 4% of annual global turnover, most organisations are all-too aware that complying with GDPR is essential. However, you may need to check your organisation is covering all bases, including remote employees.
The number of people working from home in the UK increased by a fifth in the ten years to 2016 and is now likely higher than the 1.5 million people estimated to be working remotely then.
Making sure these employees are working securely with personal data should be as big a priority as it is with office-based workers, especially when you look at recent figures.
In the first three months of 2019 (Q4, 2018/19) 2,577 non-cyber personal data breach reports were received by the ICO (Information Commissioner’s Office) in the UK.
Of these, 245 incidents involved the loss or theft of data or paperwork left in an insecure location. Another 112 reports involved the loss or theft of a device containing confidential data, and another 600 reported data breaches were described as ‘other non-cyber incidents.’
While not all these data breaches will have been the result of remote working, incidents like these leave organisations exposed to a hefty fine and reputational risk, particularly if they cannot show they had taken appropriate protection measures beforehand.
If you or your colleagues work remotely, even occasionally, keeping personal data secure is as important off-site as it is on-site, because risks can increase when paperwork, laptops and other devices are on the move.
Advising remote workers
Anyone who handles data should be kept up to speed on GDPR requirements, including storing devices and paperwork safely.
Regardless of work location, people need to keep data secure and ensure that printed material and devices are safely locked away, encrypted and securely password protected where possible. Laptop locks, lockable device bags and lockable filing equipment can all offer protection, on the move or at home.
For remote workers who need to take work home, encrypted USB and SSD devices are a good answer, reducing the risk of data being stolen or lost once it leaves the workplace.
Prevent visual hacking
Privacy filters are a must for people working on the move or in public places. These help to prevent anyone other than the device user from spying the contents of a screen.
In our busy work lives, it isn’t unknown for people to forget to return or destroy old paperwork. But some of this could include personal data on employees, customers or third parties, and could leave your organisation vulnerable if it went astray.
Rather than run the risk of ‘out of sight, out of mind’, it’s vital to check that people are not storing no-longer-needed information in places such as a home office or laptop bag, where it could run a risk of being lost or stolen.
GDPR requires organisations to securely destroy personal data once it is no longer needed for the purpose it was obtained, so everyone should follow an agreed practice, such as returning all confidential materials to the workplace, or destroying them safely at home using a cross-cut shredder.
For more information please view our security flipbook