Coronavirus keeping you at home? Complying with GDPR from outside the office

Due to the recent spread of the novel Coronavirus (COVID-19), many employees have been forced for various reasons to work out of the office. As the virus spreads across Europe and global cases approach 100,000, the British government warned that one in five workers in the UK could be off sick during a Coronavirus peak, with many more likely to be in self-isolation due to having returned from certain destinations or having come into contact with infected individuals. Additionally, some organisations have temporarily closed their offices and told workers to work from home as a precautionary measure.

Keeping data safe and secure inside an office is one thing. Keeping it safe outside the office can be trickier. With that challenge in mind, we’re here to present you with seven vital tips on how to keep yourself and your organisation safe from a GDPR and cyber-security perspective when working remotely.

1. Use an encrypted, password-protected laptop

When working out of the office, your best and safest bet, whenever possible, is to use your work laptop. Make sure it is encrypted with a strong password in case it gets lost. Avoid sending any sensitive data to your own personal email address, where it is more vulnerable to data breaches. Saving sensitive information on small USB drives is also not a great idea as these drives are often misplaced, and there is no guarantee that they will be used on an encrypted device.

2. Make sure you’re protected

Whether you are using a work or personal laptop, ensure that it is protected with the latest anti-virus and anti-malware software. Doing so will protect you from the latest threats and the ever-changing array of viruses and malware that can attack your computer.

3. Use strong passwords

Make sure your computer and all accounts are protected with strong passwords and/or a two-step authentication process. A good way to create a strong, memorable password is to take three random words, put them together to create a memorable phrase, then change certain characters to numbers and symbols. Alternatively, use a password manager: an app that safely stores all your passwords for you so you don’t need to remember them all. It makes it easier for you to log in, update old passwords, and even randomly generate strong, unique passwords for your most important websites.
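The three-random-words method above, as an added example that is not part of the original post: it picks the words with a cryptographic random source and shows how the size of the word list drives the number of possible phrases. The word list and substitution table are constructed for illustration and are assumptions, not a recommended set.

```python
import math
import secrets

# Constructed sample list for illustration; a real list should hold thousands of words.
WORDS = ["harbour", "pencil", "velvet", "orbit", "candle", "meadow", "tunnel",
         "biscuit", "lantern", "pigeon", "saddle", "walnut", "glacier", "ribbon",
         "thimble", "anchor"]

# Assumed table for "change certain characters to numbers and symbols".
SUBSTITUTIONS = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def pick_words(wordlist, count=3):
    """Pick words with the OS random source rather than choosing them yourself."""
    return [secrets.choice(wordlist) for _ in range(count)]


def substitute(phrase, table=SUBSTITUTIONS):
    """Replace every character found in the table; leave the rest unchanged."""
    return "".join(table.get(ch, ch) for ch in phrase)


def selection_entropy_bits(wordlist_size, count=3):
    """Bits of entropy from choosing `count` words uniformly at random."""
    return count * math.log2(wordlist_size)


def make_passphrase(wordlist=WORDS, count=3):
    """Return (passphrase, chosen words); words are capitalised so they stay readable."""
    words = pick_words(wordlist, count)
    return substitute("".join(w.capitalize() for w in words)), words


if __name__ == "__main__":
    phrase, words = make_passphrase()
    print(words, "->", phrase)
    # The count below covers the random word choice only.
    for size in (len(WORDS), 2048, 7776):
        print(f"{size:>5}-word list: {selection_entropy_bits(size):.1f} bits")
```

The 16-word sample list gives only 12 bits from the word choice, which is why the words should be drawn at random from a list of thousands rather than from a short list of favourites.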

4. Avoid downloads; use intranet instead

Avoid downloading sensitive data to your laptop. If the laptop gets lost or stolen, the data saved on it could be lost or stolen too. Printing out personal data is also not a good idea, as papers can go missing or fall into the wrong hands. Accessing data by securely logging into the organisation’s intranet is the best option.

5. Keep your work hidden

Never leave a screen on when there is a risk that sensitive data could be seen by others.

6. Avoid data breaches

Never send work-related personal data to a personal email account. This would constitute a data breach.

7. Remember to report

Always report potential data breaches as soon as they happen. Data protection law requires us to notify authorities of a breach within 72 hours from when it happens, and there are fines in place for failing to do so.

GDPR

VinciWorks’ GDPR refresher course, GDPR: A Practical Overview, has a whole section, including real-life scenario knowledge checks, on how to keep safe from vulnerabilities when working out of the office. While we all hope that the situation will return to normal in the near future, the tips in this blog and in the course are helpful both right now and any time you might find yourself working remotely.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.


James

VinciWorks CEO, VinciWorks
