GDPR: Working From Home
Posted on 2nd April 2020 at 08:07
In this new era of working from home we still have to be mindful of our responsibility to protect data. To that end we have developed this sheet to help you check whether you are keeping data secure at home.
Use a VPN where possible. This is something that your IT company or department should be able to set up, and it helps make home Wi-Fi more secure.
If you can't set up a VPN, ensure your Wi-Fi is secure. If you have never changed the password on your router, now would be a good time to do it. If you can have a separate partition for you and the kids, that would be great, as this will prevent any viruses they pick up from permeating the whole network.
Keep any hardcopy/paper records locked in a cabinet/cupboard when you are not using them.
Password protect any documents that you are sending that contain personal data.
If you are transporting any documents containing personal data, keep them in a locked box.
Make sure other family members don’t have access to the personal data.
Report a data breach immediately to your data protection officer.
What is personal data?
Personal data means any information relating to an individual such as a name, email address, home address, telephone number, an identification number, location data, ethnicity and disabilities.
What is a data breach?
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
What are your responsibilities under GDPR?
The GDPR requires you to process personal data securely using appropriate technical and organisational measures. What’s appropriate for you will depend not just on your circumstances, but also the data you are processing and the risks posed. You must assess your information security risk and implement appropriate technical controls.
The Information Commissioner’s Office and the National Cyber Security Centre (NCSC) have worked together to develop an approach that you can use when making this assessment. It allows you to consider common expectations and either follow existing guidance, use particular services or develop your own processes if you have appropriate knowledge and resources to do so.
The approach is based on four aims:
managing security risk;
protecting personal data against cyber-attack;
detecting security events; and
minimising the impact.