The necessary shift towards home working during the current pandemic has raised concerns over GDPR compliance risks according to a new report from confidential shredding company GoShred.
Within their report which is featured in ITProPortal’s article, GoShred state that a fifth of remote workers within the UK have been found to be printing sensitive and confidential documents at home, causing concerns for employers and organizations when it comes to GDPR compliance risks.
Paperwork being printed at home including payroll data, medical information, application forms and other personal data are some of the examples cited which could cause legal headaches and disputes for companies, including fines and other severe sanctions which form as part of the consequences of GDPR.
What Is Causing GDPR Compliance Risks for Remote Workers?
One of the key causes for these GDPR compliance risks is said to be confusion expressed by remote workers on how they should be disposing of private and confidential paperwork whilst away from their usual workplace.
The survey uncovered that:
• A quarter of those asked said they were planning to bring data sensitive documents back to the office with them once they were able to return.
• A further 24% stated they had a shredding machine at home, but had thrown shreddings into their bin (something discouraged according to GDPR guidelines)
• 8% had no plans to dispose of these types of documents, with an alarming 7% commenting that they were unsure on how they should correctly dispose of paperwork.
Failure to address these GDPR compliance risks posed by home workers could lead to company specific information and sensitive data falling into the wrong hands, landing both companies and any employees responsible threatened with legal ramifications.
How Can Potential GDPR Issues Be Avoided Whilst Working from Home?
Whilst the ICO (Information Commissioner’s Office) have expressed that they will take current circumstances into account when addressing GDPR compliance risks and concerns, they do re-enforce that employers and employees should ensure they are continuing to be responsible with data whilst working from home.
Iain Bourne from business advisory firm Grant Thornton, provides several key points for employees and employers to consider during the current need for working from home practices.
• “Use work-provided devices to store and access work information whenever possible. Avoid storing work information on personal devices unless authorised to do so.”
• “Try to maintain a safe area when working from home to make it easier to hold confidential phone calls. Don’t forget to tidy away papers and lock devices away at the end of the day.”
• “If printing is enabled, make sure any confidential documents are in secure storage and are shredded if no longer used. Papers that cannot be securely disposed of should be secured until they can be returned to the workplace for secure storage or destruction.”
• “Position screens and papers so that they cannot be read by others. In data protection family members are just third parties to whom information must not be disclosed.”
• “Do not be tempted to show interesting work information to family members or others in your home. This would constitute an unauthorised disclosure in data protection terms.”
• “Don’t use work devices to do personal internet browsing or to conduct other personal business, unless authorised to do so.”
• “Do not connect work devices to networks unless these are subject to suitable security as set out in the relevant security policy.”
• “To protect your own privacy, disable camera and audio recording devices if not necessary. Lock your device when not in use.”
• “Stick to the usual rules when sharing information with third-party organization, e.g., encrypting attachments and verifying recipient’s details.”