The explosion in home working in recent weeks will have presented many firms with logistical challenges just to ensure that continuity of service to clients and customers is maintained. But in their haste to protect their workforce and service clients’ or customer’s needs, businesses must not overlook the importance of ensuring that GDPR obligations are met and that client or customer confidentiality is maintained.
GDPR requires data controllers to take steps to ensure that personal data is held securely. Maintaining security over mobile devices is more complicated for employers than for hardware which remains at the office. This is even more problematic if the device being used is owned by the employee.
The access and storage of company data presents particular problems. The employee is likely to store such data on their own device and, in practice, it will probably not be practical for the employer to prohibit the use of personal devices.
An additional challenge for employers is to ensure that all company information has been returned and copies deleted on termination of employment.
Employers should carefully consider:
- which work systems, if any, employees are permitted to access on their personal devices;
- how to ensure that any systems are secure; and
- how to ensure employees cannot mix work data with their own personal information.
All employers need policies detailing these procedures. They will need to ensure that employees are regularly trained and must carry out regular compliance checks Employees will need to understand what rights employers will seek to enforce relating to monitoring employees and information. If your business does not yet use encrypted data facilities, now might be a good time to start.
For further information on this or any other area of Employment Law, why not contact one of Alexander JLO’s expert employment lawyers and see what we can do for you?