How to stay GDPR compliant on the move
The uncertainty of this last two years has resulted in a huge shift in the ways that many businesses operate. As we look to establish a new normal, one emerging trend appears to be here to stay – Hybrid working.
Although hybrid and remote work has always existed, it has been propelled into the mainstream by the pandemic and the desire for this working solution amongst employees and business owners is becoming abundantly clear. However, Hybrid working unearths a myriad of complexities, problems, and questions for the future of data protection.
Hybrid and remote working enables employees to choose a blend of working on the go, working at home or in the communal office. For many organisations it will mean establishing new ways of working, creating a change in habits and a significant culture shift.
Nearly all of Britain’s 50 biggest firms are using hybrid or remote models, with over a million UK workers not returning to the office full-time. However, for many companies it has become apparent that important processes put in place by compliance teams whilst in the office may have become blurred. One of the most prevalent issues needing to be addressed is how teams can remain GDPR compliant when they choose a flexible working option.
Every organisation has a legal responsibility to safeguard sensitive information, including confidential matter that is taken outside of the premise. This includes anything both physical items such as paperwork and presentation, or digital documentation that can be viewed on a computer, laptop, or mobile device. Sensitive information that is out in the open is always open to exploitation.
Regardless of which workplace an employee chooses, it is crucial to maintain compliance standards. Just as health and safety remains an important aspect to day-to-day life, GDPR should also be a key topic when going about our time at work.
When workers are on the go, working a hybrid style or working remote, it leaves them vulnerable to a multitude of problems. Privacy and security are equally important online and offline. All too often, an employee could be exposing confidential items and data openly, without even realising it. Working on a laptop on the train, leaving documents uncovered whilst working in a coffee shop, discussing sensitive information whilst in a virtual meeting in a public place all may lead to unwanted exposure and serious GDPR breaches.
Online data and privacy
Because of data moving back and forward with an expanded network between multiple devices and the possibility of workers using public networks, it immediately increases risks of breach due to employees not being fully protected. Identity threats, loss of data control and major cyber security breaches are all possible and with GDPR regulations stating that any security leading to the accidental or unlawful destruction, loss, unauthorised disclosure of, or access to protected data are defined as a breach.
It’s time to get serious about defending data!
There are many ways to maintain a high level of security whilst online; data encryption and encrypted memory banks/sticks can help data become inaccessible without a key/code.
Moreover, protecting your screen from undesired attention on the go is crucial, privacy filters on both phones and laptops can keep sensitive information out of sight
Document protection
With 44% of employees surveyed stated that they take documents from work back to their house* and 94% of employees stated they still print documents regularly*, it’s clear that physical data still requires protection. However, only 22% have access to a shredder* in all workplaces. Keeping physical documentation safely stored, shredded, or organised is still a crucial objective to maintain GDPR excellence. As GDPR still applies to work documents you handle while working at home, having work solutions in place including shredders, filing organisers and security wallets will help maintain compliancy.
Guarding your luggage
Did you know, in the finance sector 25% of breaches are due to lost or stolen devices and are the most frequent cause of data leakage**. While online and software-based threat are high on an organisation’s agenda, monitoring physical security is equally as important. Hybrid workers on the move could be at risk of opportunistic theft. Secure workplace solutions can minimise this risk. IDC recently reported that 52% of IT managers who were subject to laptop theft, believe that they could have been prevented, by a lock. ***
Solutions such as luggage locks, secure backpacks/ laptop cases and security device locks can be the difference between risk mitigation and a major fine. Remember, when a portable device is stolen, the risk of data being compromised increases considerably. This can lead to serious risks for the for the organisation and significant fines responsible for the data breach.
Physical security is one easily attainable objective within the GDPR Framework. The key to remaining GDPR complaint on the move is to understand that GDPR compliance is not a linear, copycat to-do list for every team member and division. It is important that all employees, most importantly those working in remote, or hybrid styles – feel they have been protected accordingly and have been given the right tools and support to do their job the best they can without any worry.
With one in five data breaches caused by human error, organisations must educate and support employees, expand help desk support, and drive a culture where it’s ok to flag concerns. ****
If you enjoyed reading about our tips on how to stay GDPR compliant on the move, be sure to follow us on our social media by clicking below to be the first to hear about our latest news and blog posts.
* Fellowes Shredder research study, May 2019 by B2B International in commission of Fellowes. Statistic are given based on the combined results from DE, UK and FR—600 respondents. And Shredder research study, July 2018 by Marcommit in commission of Fellowes. Statistics given are based on the combined results from 7 EU countries and 7218 respondents. Fellowes Shredder research study, May 2019 by B2B International in commission of Fellowes. Statistic are given based on the combined results from DE,UK and FR—600 respondents
** https://www.bitglass.com/press-releases/financial-services-breach-report-2016
***Kensington, 2007. Laptop Security: The Threat of Theft and Lo ss of Laptops for the SME, International Data Group.
**** https://www.finextra.com/blogposting/20995/three-compliance-considerations-for-hybrid-and-remote-working