How to stay GDPR compliant when working from home
Working from home takes GDPR compliance to another level completely. However, it is probably fair to say that home organisation amongst remote workers does not always have data protection and the prevention of fraud top of the agenda. Some industries are far more vulnerable than others, in particular the legal profession, accountancy, insurance industry workers and claims handling organisations, all of whom control and process personal data daily. But they are not alone. So, if you are working from home and your role gives you control of sensitive data that identifies an individual or individuals, either directly or indirectly, you will need to ensure you are compliant with GDPR. Here are some tips to help you comply with the GDPR.
- Only access servers that you need to perform daily tasks; do not dig around in areas that do not concern you or are not relevant to your job
- Take account of all the devices that you use including mobile phones when you are out and about
- Implement a strong password policy to protect documents, emails and the network. Use passwords which are both unique and memorable and set up two-factor authentication. Limit the number of log-in tries to three attempts before the screen is blocked
- Never use public Wi-Fi networks if you stray away from your home office to a local cafe or are out and about in the car. You may also be offered free networks in your area when you connect your device to the internet at home – do not use them as they are not secure
- Make sure your device has an encryption setting and install a remote wipe app which will erase all data if your device is lost or stolen
- Ensure you stay on top of all software updates and are fully informed about your company’s data protection policy
- If you are self-employed then consider investing in an SME GDPR Toolkit of which there are many different varieties available online. These contain numerous resources to support GDPR compliance and most offer up to a year’s ongoing expert support
In this digital and supposedly paperless society, it is easy to forget paper documents as the focus is all on digital data and cybersecurity. So much of the conversation about personal data revolves around its digital form, but paper is alive and well and frequently overlooked. Ensure paperwork has a proper secure home with appropriate filing systems and is not left lying around to get mixed up with other things in the household. Shredding is another important measure that supports GDPR compliance in the home office. The Leitz IQ shredder range is discreet, silent and beautifully designed to fit perfectly in every home office. If you are a remote worker, then this really needs to be on the list as part of your essential work from home kit.
Good GDPR security is about doing the right thing and also being able to evidence that the correct protocols are in place when working from home. Employment contracts should contain a reference to home working policy documents which outline the necessary procedures which you should implement to comply with data protection legislation. This is as much about protecting you, the worker, as it is about protecting data subjects and their sensitive information from fraud.