Home working and now home schooling: Businesses must not overlook data protection issues and risks of GDPR breaches.
Businesses with staff able to work from home now have an added complication as schools close from Friday 20 March due to the Covid-19 pandemic. Many families will now find themselves all at home sharing the same space and quite possibly the same computer devices. This brings real risks of accidental breaches of the General Data Protection Regulations (GDPR) and the Data Protection Act 2018 (DPA). Imagine for example an youngster jumping onto mum or dad’s unattended laptop to watch YouTube, and accidently forwarding a work email containing an individual’s personal data to someone who should not receive it.
Under the GDPR the business (also known as the data processor/data controller) will have a duty to inform that individual whom their confidential data has been sent. The individual has right to sue the business for any actual losses or distress caused by breach and make a complaint to the Information Commissioners Office, which can impose fines on the business.
3 things businesses should do now
Difficult times indeed and whilst businesses are rightly making their worker’s health their first and over riding priority they should make time to consider data protection issues.
- Highlight data protection issues to all staff about to work from home with other members of their family
- If you do not already have a formal ‘Working From Home’ policy in your staff handbook get one quickly and send it to all staff
- Add an email encryption service to the company email