Mike Tyson once said, ‘everyone has a plan, until they get punched in the face’ and it’s safe to assume that every business leader is simply rolling with the punches as they attempt to tackle the impact that the recent outbreak of coronavirus has had on their business.
With many businesses now working remotely, business leaders have been working around the clock to ensure their teams are set up with all they need but have you stopped to consider your data protection policies and whether or not your business is covered when employees are working from home?
As defined by the Data Protection Act 2018 (DPA), it is the act of protecting any personal data that your business is in possession of and how this data is used or shared by your business. When considered data protection policies there is a strict set of rules that businesses must follow, called the Data Protection Principles. The way businesses use their data is judged by the Information Commissioners office (ICO) to assess whether they are acting responsibly.
The UK ICO recently released a statement about data protection and home working. Stating “Data protection is not a barrier to increased and different types of homeworking. During the pandemic, staff may work from home more frequently than usual and they can use their own device or communications equipment. Data protection law doesn’t prevent that, but you’ll need to consider the same kinds of security measures for homeworking that you’d use in normal circumstances.”
In her recent video with us, Corporate and Commercial lawyer and associate InPD tutor, Erika Moralez-Perez shared with us her recommendations for you to consider when looking at your data protection policy with regards to home working. If you’re short on time, Erika’s bitesize video is located below.
What should you be considering?
In her video below, Erika goes into detail about each consideration, what you need to be looking at and why. You can watch her video below.
Here is where you think about informing your employees on the new amendments you have made to your data protection policy. Typically, this responsibility would fall to the data processor or data controller, but if you don’t have these people in place the responsibility would fall to the business owner.
This step can easily be achieved by recording a short video call or webinar that covers all the important information and where employees can find a copy of their new responsibilities and the revised data protection policy. Alternatively, you could send a detailed email about the updates.
Whichever you choose, remember to be mindful to be clear on the updates and the implications of not following the requirements.
A few well spent hours of revising your data protection policy can save you hours of wasted time and stress, whilst protecting your business from fines and reputational damage.
Watch Erika’s protecting your business whilst working from home video here:
If you would like to know more about what we do visit INPD or head over to our Linked In page.