Following on from our post from last week regarding contingency planning for Coronavirus, we thought it would be useful to set out what you should be reminding your staff if they end up working from home. So, whilst the last post was about organisation’s considerations if their workforce has to work remotely because of self isolation or a general requirement to close businesses and organisations down, during the Coronavirus pandemic, this post is specifically about what you should be reminding your employees about their responsibilities.
Six points for employees to consider
- REMEMBER: Data protection doesn’t take sick leave, so GDPR continues to apply to all personal data regardless of where it is being processed, whether at work in the office or when working remotely. If necessary, employees should re-familiarise themselves with GDPR and your organisation’s policies as well as being sure they know who to contact in an emergency
- THINK: Employees should think carefully about where they are when processing personal data away from the office. They should check their surroundings and make sure no one could accidentally see what they’re doing (if they have them, they should make use of privacy screens for their devices). They should also think about who else could access their devices, for example, people they live with or who may use their computer, phone or tablet
- PROTECT: Make sure your employees know how to protect the personal data they are processing. Consider how they can prevent unauthorised access to personal data or systems. They should make sure they lock their device after use and avoid storing passwords on their own devices (e.g. in browsers) or sharing devices with the people they live with
- AVOID: Employees should try and avoid accessing data in public places or using public wi-fi access unless they can trust the connection is secure. They shouldn’t download data from systems to process on local devices (whether a work device or their own) – if they have to, they should make sure they delete it from the device, as soon as they’ve finished with it
- SECURE: You should ensure employees keep personal data secure at all times, following your existing security protocols and policies. Make sure they understand not to leave devices or paperwork lying around at home; they should lock them away. They also need to be careful where they’re storing data when it’s not in use, avoiding leaving devices or any personal data in their cars overnight, in unattended in public spaces as well as limiting who can access any of their devices or files
- REPORT: It’s important that employees remember you will be under GDPR obligations to consider whether a data breach is reportable, within 72 hours of becoming aware of it. So make sure they know to report any issues to the appropriate person internally
Compliance poster
To help you spread the word around your organisation we have produced a simple information poster you can share with your employees. You can view it below and download it here.
Providing cost-effective, simple to understand and practical GDPR and ePrivacy advice and guidance, via my one-stop-shop helpline. I ❤️ GDPR