Since March 2020, when the Coronavirus pandemic forced many office-based employees to work from home (WFH), many people have to continued work at home for at least part of the week.
Although this provides excellent opportunities for work/life balance, employers must be aware of their UK GDPR compliance obligations concerning homeworkers.
Below are the answers to some frequently asked questions regarding UK GDPR compliance concerning WFH employees.
Should my WFH employees use their computers for work?
No, one of the key ways to keep data secure is to prohibit employees from using personal devices such as laptops and mobile phones for work purposes.
All working devices used by your employees while working remotely should be password protected. As a business owner, you should pay special attention to cyber security and ensure all systems are encrypted with up-to-date antivirus and antimalware software installed.
Can my staff print work-related documents at home?
Regular day-to-day tasks like printing CVs, payslips, meeting minutes, and expense forms could lead to a breach of the UK GDPR if personal information is viewed by people with no legal basis for seeing it or if the printed document is not disposed of securely.
Your business must have strict guidelines around printing and disposal of confidential information, and you may wish to provide certain staff with a shredding machine.
Do downloads by WFH staff risk breaching the UK GDPR?
Yes, as the website may be unsecure, providing hackers with an opportunity to cause a data breach in your network and access confidential personal data.
WFH employees should be trained to be alive to suspicious-looking files and documents and never to open attachments from emails received from an unknown sender that may cause a breach in the data protection laws.
Finally - how can I mitigate the risk of WFH employees causing a UK GDPR breach?
Training and communication are the best way to prevent compliance breaches. Your business’s data protection policies, procedures, and guidance should be clearly accessible and regularly updated.
It is also good practice to hold regular UK GDPR training sessions and ensure all employees have a direct line of communication with someone responsible for data protection and privacy law compliance within the organisation.
Get legal assistance from LawBite
LawBite has helped thousands of businesses achieve their commercial ambitions. To find out how we can help your business to be compliant with the GDPR, data protection, and privacy law matters, book a free 15-minute consultation or call us on 020 3808 8314.
- The difference between a data controller and a data processor
- What is the Data Reform Bill?
- What is data processing under GDPR?
- How to gain consent under the GDPR
- GDPR compliance for mobile apps
- UK GDPR compliance for charities
- Who needs a data representative in the EU for GDPR compliance?
- Handling personal data correctly
- Health and safety when working from home