
Since March 2020, when the Coronavirus pandemic forced many office-based employees to work from home (WFH), many people have continued to work at home for at least part of the week.

Although this provides excellent opportunities for work/life balance, employers must be aware of their UK GDPR compliance obligations concerning homeworkers.

Below are the answers to some frequently asked questions regarding UK GDPR compliance concerning WFH employees.

Should my WFH employees use their own computers for work?

No. One of the key ways to keep data secure is to prohibit employees from using personal devices such as laptops and mobile phones for work purposes.

All work devices used by your employees while working remotely should be password protected. As a business owner, you should pay special attention to cyber security and ensure all systems are encrypted and have up-to-date antivirus and antimalware software installed.

Can my staff print work-related documents at home?

Regular day-to-day tasks like printing CVs, payslips, meeting minutes, and expense forms could lead to a breach of the UK GDPR if personal information is viewed by people with no legal basis for seeing it or if the printed document is not disposed of securely.

Your business must have strict guidelines around printing and disposal of confidential information, and you may wish to provide certain staff with a shredding machine.

Do downloads by WFH staff risk breaching the UK GDPR?

Yes. The website hosting the download may be insecure, giving hackers an opportunity to cause a data breach in your network and access confidential personal data.

WFH employees should be trained to be alert to suspicious-looking files and documents, and never to open attachments in emails from an unknown sender, as these may cause a breach of data protection laws.

Finally - how can I mitigate the risk of WFH employees causing a UK GDPR breach?

Training and communication are the best way to prevent compliance breaches. Your business’s data protection policies, procedures, and guidance should be clearly accessible and regularly updated.

It is also good practice to hold regular UK GDPR training sessions and ensure all employees have a direct line of communication with someone responsible for data protection and privacy law compliance within the organisation.

Get legal assistance from LawBite

LawBite has helped thousands of businesses achieve their commercial ambitions. To find out how we can help your business to be compliant with the GDPR, data protection, and privacy law matters, book a free 15-minute consultation or call us on 020 3808 8314.


In closing

Nothing in this article constitutes legal advice on which you should rely. The article is provided for general information purposes only. Professional legal advice should always be sought before taking any action relating to or relying on the content of this article. Our Platform Terms of Use apply to this article.
