advo hr have written various articles in the past on the pros and cons to homeworking and wider considerations when implementing, but have you considered this from a GDPR compliance perspective?
Working from home is becoming more and more common practice in businesses. There are many benefits from both the employee and employer perspective. It can reduce the financial burden and is convenient for both parties, for employees – saving costs of commuting to an office location and for the employer – it could reduce the amount of office space needed.
However, employers need to minimise any risk relating to data protection for homeworkers in order to protect the business.
From a homeworking perspective confidential data can be stored in a variety of ways including on electronic or mobile devices e.g. mobile phones, tablets and laptops and in hard copy form in home offices or laptop bags etc.
We recommend implementing a suitable homeworking policy. This could include:
- Informing employees they are responsible for all information they take outside the employer’s offices.
- All mobile devices must be secure and password protected.
- When travelling, mobile devices must be kept securely and with employees at all times, e.g. not left unattended in the car/on the train etc.
- Setting sync mail for a limited period of time.
- Defining the use of company laptops, where applicable.
- If personal and/or sensitive personal data has to be loaded onto a company laptop, this should be protected and encrypted.
- Ensure employees keep data in a secure place if taken home or to another location.
- Provide advice on how best to destroy hard copy documents when no longer needed.
- Consider where appropriate, prohibiting the removal of hard copy documentation from the office environment if the risk of inadvertent loss is greater.
- Making employees responsible for ensuring other members of their family/friends/employees do not have access to information belonging to the Company.
- Mention a failure to adhere to the terms or breach of the policy could amount to disciplinary action and in some cases result in gross misconduct.
Given the risk and consequences associated with a loss of confidential data and breach of data protection under GDPR, it is important for employers to ensure they take precautions to protect the business in this area. If there is a data breach or if a device is lost or stolen, this should be reported immediately to the person responsible for GDPR in the Company, in line with any internal procedures.
If you would like to know more about this or any other HR related subject then drop advo hr an email on firstname.lastname@example.org