Mike Tyson once said, ‘everyone has a plan, until they get punched in the face’ and it’s safe to assume that every business leader is simply rolling with the punches as they attempt to tackle the impact that the recent outbreak of coronavirus has had on their business.
With many businesses now working remotely, business leaders have been working around the clock to ensure their teams are set up with all they need but have you stopped to consider your data protection policies and whether or not your business is covered when employees are working from home?
The basics: what is Data Protection and why should you consider it?
As defined by the Data Protection Act 2018 (DPA), it is the act of protecting any personal data that your business is in possession of and how this data is used or shared by your business. When considered data protection policies there is a strict set of rules that businesses must follow, called the Data Protection Principles. The way businesses use their data is judged by the Information Commissioners office (ICO) to assess whether they are acting responsibly.
The UK ICO recently released a statement about data protection and home working. Stating “Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual and they can use their own device or communications equipment. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.”
What should be considered when reviewing a data protection policy?
In her recent video with us, Corporate and Commercial lawyer and associate InPD tutor, Erika Moralez-Perez shared with us her recommendations for you to consider when looking at your data protection policy with regards to home working. If you’re short on time, Erika’s bitesize video is located below.
What should you be considering?
- What devices are your employees using to complete their work?
- How do your employees access the system?
What data is transferred for employees to do their job and how is the data stored once received? - The use of wireless networks.
- The encryption of emails that contain personal data.
In her video below, Erika goes into detail about each consideration, what you need to be looking at and why. You can watch her video below.
You’ve reviewed your data protection policy and considered the above, so what should you do next?
Here is where you think about informing your employees on the new amendments you have made to your data protection policy. Typically, this responsibility would fall to the data processor or data controller, but if you don’t have these people in place the responsibility would fall to the business owner.
This step can easily be achieved by recording a short video call or webinar that covers all the important information and where employees can find a copy of their new responsibilities and the revised data protection policy. Alternatively, you could send a detailed email about the updates.
Whichever you choose, remember to be mindful to be clear on the updates and the implications of not following the requirements.
The key takeaways:
- Review your Data Protection Policy,
- Consider the key considerations mentioned above,
- Revise your systems and processes and act accordingly,
- Educate the workforce of new measures surrounding remote working and data protection.
A few well spent hours of revising your data protection policy can save you hours of wasted time and stress, whilst protecting your business from fines and reputational damage.
Watch Erika’s protecting your business whilst working from home video here:
If you would like to know more about what we do visit INPD or head over to our Linked In page.
