Due to the recent spread of the novel Coronavirus (COVID-19), many employees have been forced for various reasons to work out of the office. As the virus spreads across Europe and global cases approach 100,000, the British government warned that one in five workers in the UK could be off sick during a Coronavirus peak, with many more likely to be in self-isolation due to having returned from certain destinations or having come into contact with infected individuals. Additionally, some organisations have temporarily closed their offices and told workers to work from home as a precautionary measure.

Keeping data safe and secure inside an office is one thing. Keeping it safe outside the office can be trickier. With that challenge in mind, we’re here to present you with seven vital tips on how to keep yourself and your organisation safe from a GDPR and cyber-security perspective when working remotely.

Should we be sharing files via email?

Reducing cyber breach risks in your business

Sending information by email is never really secure, even over an HTTPS connection. Not all email providers offer an encrypted way to send messages.

Unless the files themselves are encrypted, such as by using a password-protected PDF, there is no guarantee that the intended recipient will be the only one to see the message.

Since GDPR came into force, there have been:

• 160,000 breach notifications made to authorities
  • 247 notifications per day in 2018
  • 178 notifications per day just in the first half of 2019
• A total of £100m in fines

Here are some of the recent fines that regulating authorities have issued and guidance on how to make sure your business stays on the right side of GDPR.

Four GDPR fines we can learn from

British Airways – £183m (under appeal)

What happened?

The airline was victim to a cyber attack where the personal data of 500,000 customers was stolen by hackers through a fake website. The ICO said the incident took place after users of British Airways’ website were diverted to a fraudulent site. Through this false site, details of about 500,000 customers were harvested by the attackers, the ICO said. The incident was first disclosed on 6 September 2018 and BA had initially said approximately 380,000 transactions were affected, but the stolen data did not include travel or passport details.

Why are they being fined?

Information Commissioner Elizabeth Denham said: “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience. That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

It’s hard to think of something going on longer than Brexit, but the ePrivacy rules might just be it.

What is the ePrivacy regulation?

The existing 2002 ePrivacy regulation covers electronic communications. This means email marketing, cookies on websites, and privacy in electronic communications. The existing one was meant to be updated and implemented with GDPR in May 2018, but… it hasn’t happened. 

The goal of a new ePrivacy regulation is to develop a regulatory framework for machine-to-machine communications and the internet of things.

It might sound like a Daily Mail headline, but don’t dismiss this as political correctness gone mad just yet. Your company Christmas cards could very well result in a data protection violation.

Santa Claus checks his list twice, and so should you. Keeping marketing lists up to date is vital for GDPR compliance and sending out the annual Christmas card is no different than any other mass mailing. Are there people on the list who’ve objected to receiving marketing information, or former customers your business hasn’t dealt with in years? Strike them off. The last thing you’ll need in the new year is a flurry of data protection complaints.