How To Remain GDPR Compliant When Working From Home
The GDPR, or General Data Protection Regulation, which came into effect in May 2018, has drastically transformed the digital landscape.
Chances are, it has also affected how your workplace secures paper data, handles cybersecurity, and protects user information.
But when it comes to remote work, employees are left guessing. In fact, HRZone’s 2020 report on HR trends found that 57% of employers didn’t have a formal remote work policy.*
So how does the GDPR apply to remote workers? Can you even remain compliant while working from home? This is what we’ll answer in this short post.
Does The GDPR Apply To Home Or Remote Work?
That’s an easy one: the answer is a resounding yes. The risk of a data breach or data loss is just as high at home as in the office, and probably higher if you don’t have the right processes or equipment set up.
This could have dramatic consequences for companies of all sizes, including lengthy legal proceedings and hefty fines. It is therefore in everyone’s interest to create a remote work policy that goes into as many specifics as possible about how remote workers handle sensitive paper-based data.
What Should a Remote Work Policy Cover?
While every business will handle remote work policies differently, there are a few general guidelines to follow:
Who has permission to take paperwork home
What kind of paperwork
How it should be transported
Who can print paperwork
How to discard it
How to report lost files or misplaced data
What to do if you suspect a data breach
How to Handle Home Encryption and Security
Here again, it’s hard to come up with a one-size-fits-all policy, but generally you’ll want to ensure your Wi-Fi network is secure and that digital business files are properly encrypted. Beyond that, common sense applies: lock your screen when it is not in use, and use strong passwords and 2FA (two-factor authentication) when possible.
The IT department could also set up a device monitoring tool to ensure no suspicious traffic is coming to or going from the remote worker’s computer. It’s common practice to use a VPN, or Virtual Private Network, to ensure any communication or file transfer is under control.
Having the Right Home Equipment
Going back to the HRZone report, one of the biggest complaints from home workers is that they lack the proper equipment. 40% of remote employees said they did not have the right tools.*
That equipment will include software and hardware as well as consumer electronics: computers and laptops with the appropriate security tools for login, encrypted removable devices, and even business machines for disposing of important information, such as paper shredders.
Do You Really Need to Shred Documents?
Once again, the answer is yes. Many people assume the GDPR only covers digital data, while in fact it also has strict guidelines on how to deal with paper-based sensitive documents.
It is highly recommended that you shred documents that have been removed from your workplace and taken home for business use. This also applies to any sensitive or confidential documents that you print yourself at home for business or personal reasons.
This is where having the correct paper shredder can go a long way in helping you remain compliant. Generally speaking, you should ensure:
Your shredder works with the right materials: paper, of course, but also stapled or paperclipped documents, and even credit cards and CDs.
It meets the right security level: there are 7 DIN security levels for shredders, ranging from P-1 to P-7, which meet different requirements, from non-sensitive data to top-secret military reports. The higher the P-rating, the smaller the shredded particles, which makes the shredded material more secure.
There are additional features to consider depending on where the shredder will be used, how much shredding you will do and other variables. See Rexel’s complete guide on choosing the right paper shredder to support being GDPR compliant. We also offer a range of small automatic shredders that are ideal for home offices.
Contrary to popular belief, the GDPR doesn’t only cover digital data. It also describes how workers, both at home and in the office, should handle paper data.
So, whether you’re a business owner, executive or employee, it is your duty to ensure that all data is properly handled, encrypted, protected, and disposed of.
And just remember that GDPR protection at home starts with the right remote work policy, but also the appropriate tools and equipment.