Working from home? The GDPR still applies.
Get the work done
A global push towards remote working, and the unique circumstances of 2020, have created a keen focus on getting the work done from anywhere. While your business focuses on ensuring that service and delivery doesn’t falter when the office is closed, it’s critically important to keep GDPR compliance and cyber security in mind. Here are five ways to secure your remote working environments:
1. A remote access policy
In designing and developing the GDPR, legislators took note of the need to secure personal data as it moves around, in transit. This type of data movement is common within remote work settings. A remote access policy is an important part of your business’ GDPR policies and procedures. Your remote access policy should include:
- A set of policies, procedures, standards, and systems that are used to ensure the security of personal information.
- A set of security tools that each remote working environment uses. These may include VPNs, user authentication tools, encryption, and other security systems.
2. Secure data in transit and at rest
Your team works from home, works from a coffee shop, or works from an aeroplane. Just as your team moves around, personal data does too. The GDPR inherently recognises this movement of personal data and requires protection over the data with adequate safeguards such as encryption. In practice, we would refer to data in various states, such as “data at rest” or “data in transit” when determining appropriate or adequate safeguards over the relevant states. Data is considered to be “in transit” when it is travelling between two points:
- This could be physical, when a team member is transporting data on a laptop or similar device.
- It could also be technical, as data moves from a server to a front end, or is moving between devices.
An example of data at rest would be when it is stored on a particular device. This could mean the personal data is stored on a laptop, memory stick, or other type of equipment. There are many ways to protect data in transit and at rest. As part of your remote working procedures, you need to ensure personal data is secured and protected, no matter when and how it is accessed. Your business should use identity, access and user management tools to ensure personal data stays secure, no matter where your team works from.
3. Security tools and policies
Anti-malware software, anti-virus software, and secure browsing tools are mission critical technologies that your remote working teams must use. Similarly, encryption tools and systems can help to secure personal data, even when a device – like a laptop or mobile phone – is lost or stolen.
4. Two-factor authentication
Preventing phishing attacks, and other types of unauthorised access to personal data, is important. Using two-factor authentication tools and systems can help to secure personal data and ensure your remote working environments do not spell opportunity for hackers.
5. Who needs what data
There’s another level of data protection that often gets overlooked: the simple tactic of access. Your remote working teams don’t need access to every piece of information your business stores and uses. By deploying user and task-focused data policies, it’s possible to secure personal data, while ensuring your teams have the information they need, to get their work done.
Data breaches and personal responsibility
Training your employees to work from a perspective of data protection by design, is important for remote working teams. The most common cause of data breaches is simple human error. For guidance on how to secure your remote working environments, or to set up a training workshop, get in touch with ProPrivacy. We’d love to help your business and your teams flourish, while staying secure, from anywhere in the world.
As a communications consultant and freelance writer, Cath has helped more than 100 brands, businesses, and people, find the right words to tell their important stories. Cath points her cursor and bashes her keyboard to create useful, reliable content for people who want to learn more about blockchain technologies, finance, property, online safety & information security.