GDPR compliance and working from home - A blog by Business Butler

Is your business GDPR compliant while working from home?

Recent research suggests that at least 10% of businesses whose staff are working from home (WFH) because of the coronavirus pandemic are not GDPR compliant. You may think GDPR does not apply to your business, or believe you are covered while WFH, but something as simple as using your own laptop or desktop instead of your work PC can put you in breach of GDPR.


So, what is GDPR?

The General Data Protection Regulation (GDPR) is an EU data privacy law that came into force on 25 May 2018. Its purpose is to give individuals greater control over how their personal data are collected, used and protected. Companies must follow strict rules on the use and securing of the personal data they hold: they need a lawful basis for collecting it, and they must put in place appropriate technical and organisational safeguards, with encryption named in the regulation as one example of such a measure. Companies that fail to comply can face very high fines, up to €20 million or 4% of worldwide annual turnover, whichever is higher (£17.5 million under the UK GDPR).

What businesses does GDPR apply to?

GDPR applies to any business established in the EU that collects, stores or otherwise processes personal data, and to any business outside the EU that offers goods or services to individuals in the EU or monitors their behaviour there. Note that it protects individuals who are in the EU, not EU citizens as such. This covers every business sector, from accountancy to marketing and retail to hospitality; in fact, any industry you can think of.


What do I need to be aware of when WFH?

Business owners and managers need to review their data protection policies and technology to make sure they remain GDPR compliant while staff are WFH. Employees should be trained on how to keep data safe at home, and the right computer systems and security measures should be in place. Personal data should not be transferred to, or processed on, a personal tablet, phone, laptop or PC that the business does not manage.

Every device used for business must have up-to-date security software installed, such as a firewall and current antivirus, antispam and web protection, to reduce the risk of a security incident turning into a personal data breach.

Home computers and personal mobile devices will not usually have the same level of security as office equipment, and using them makes you more susceptible to viruses, spyware and other malware, especially when other members of your family use the same computer or tablet and visit all manner of websites. Businesses are also increasingly suffering distributed denial of service (DDoS) attacks, and you may be surprised to learn that firms of all sizes are targeted, not just the big companies.

You should replicate the office environment as closely as possible when it comes to security and data protection: set strong, unique passwords, turn on full-disk encryption on your device, and encrypt sensitive documents. Any paper copies of work-related material must be kept locked away securely.

When discussing confidential information with customers or colleagues on phone calls at home, make sure you do so in private: find a spare room away from family members. This may sound pedantic, but it is important.

Anything else I need to know?

Although GDPR is EU legislation, it continues to apply to UK companies after the nation voted for Brexit and will do so until the end of the transition period on 31 December 2020. After that date UK companies will have to abide by the UK GDPR, which is in essence almost identical to the EU GDPR, so the obligations described here do not change.

Being proactive is important in all aspects of business but especially when it comes to GDPR because the cost implications of reacting to a data breach are so severe they could close a business down.

If you are still unsure about your GDPR obligations and would like to speak to an expert please click here.