Data Protection Challenges of Hybrid Working

As organisations evaluate the post-pandemic long-term options for hybrid working, now is a very good time to assess what it means for your team, and how to make it safe and sustainable.

In our latest infographic we analyse the data protection challenges and pitfalls, and provide you with a checklist to help decision making.

CONSIDER

Introducing new technology to facilitate and enhance team productivity.

  • Training provided and understanding checked?
  • Easy for staff to access? (So they don’t shortcut!)
  • Controls and training for anyone else using the system?
  • Lines of reporting and monitoring?

CONSIDER

Staff and others Accessing Multiple Digital Platforms.

  • Who owns the device?
  • Which apps and software are being used?
  • Anyone else using the device or Internet connection?
  • Robust password controls?
  • Is the data being processed in the UK/EU?

CONSIDER

Processing data between the home-office and office, and using co-working space(s).

  • Who can see the device/paper/system in use?
  • Who see it when not in use?
  • Private space for confidential conversations or work?
  • Are USB sticks/drives or DVDs being used?
  • Where is the personal data is being processed?
  • What format is the personal data?

Tips and Solutions

  • Remember GDPR also applies to paper files, not just digital ones.
  • Conduct a GDPR Audit to identify areas of risk.
  • Review and update your register of processing activities (your ‘data map’).
  • Keep your asset register (hardware, software) up to date.
  • Consider a Data Protection Impact Assessment for new or changing technology or processing activities.
  • Review and update policies to ensure they reflect the hybrid working model you are adopting.
  • Establish robust lines of communication for reporting, monitoring and managing the processing of personal data.
  • Provide updated data protection and security training to your staff who are affected by hybrid working and check their understanding.
  • Provide regular data protection training to people who are affected by hybrid working… and check their understanding.