GUEST BLOG - Working from home and GDPR
Posted on 21st November 2020 at 19:30
In this new era of working from home we still have to be mindful of our responsibility to protect data.
Data Protection specialists Data Sense have kindly written this guest blog post to help you check whether you are keeping data secure at home.
Use a VPN where possible. This is something that your IT company or department should be able to set up and it helps make home wifi more secure. If you can't set up a VPN ensure your Wifi is secure, if you have never changed the password on your router, now would be a good time to do it. If you can have separate partition for you and the kids that would be great as this will prevent any viruses they pick up from permeating the whole network.
Keep any hardcopy/paper records locked in a cabinet/cupboard when you are not using it
Password protect any documents that you are sending that contain personal data
If you are transporting any documents containing personal data keep it in a locked box
Make sure other family members don’t have access to the personal data
Report a data breach immediately to your data protection officer
What is personal data?
Personal data means any information relating to an individual such as a name, email address, home address, telephone number, an identification number, location data, ethnicity and disabilities.
What is a data breach?
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
What are your responsibilities under GDPR?
The GDPR requires you to process personal data securely using appropriate technical and organisational measures. What’s appropriate for you will depend not just on your circumstances, but also the data you are processing and the risks posed. You must assess your information security risk and implement appropriate technical controls.
The Information Commissioner’s Office and the National Cyber Security Centre (NCSC) have worked together to develop an approach that you can use when making this assessment. It allows you to consider common expectations and either follow existing guidance, use particular services or develop your own processes if you have appropriate knowledge and resources to do so.
The approach is based on four aims:
managing security risk;
protecting personal data against cyber-attack;
detecting security events; and
minimising the impact
If you need any help with any of the above then our friends at Datasense would be happy to help, please contact them on 01604 372355
Share this post: