Mark Halstead, director of Red Flag Alert, writes about why GDPR matters to everyone working from home.
Whether you work from home as a freelance or as part of a flexible working arrangement that lets you be more of a dad, it might seem that data protection doesn’t apply to you. GDPR, the snappy name for the General Data Protection Regulation, was high on the news agenda a year ago as businesses scrambled to ensure they were compliant before the deadline. But it’s still relevant even though it’s no longer in the news as much.
The new guidelines governing the management of, and access to, data confused and worried many professionals. They don’t need to be scary though. Whether you work for yourself or for an organisation on a remote basis, here are the risks you need to be aware of and how to mitigate them:
The complexities around GDPR mean that different businesses are impacted in different ways. However, there are several points you need to be aware of:
Privacy Information ‐ You must have a privacy notice and within this notice, you must tell your clients/customers how their data will be used, the basis for requesting their information, and how long you plan to hold it.
Data Breach ‐ If you’re working from home and your laptop is stolen or hacked, you have 72 hours to inform your customers under GDPR legislation. Guidelines also state that companies should have effective protocols in place to reduce the chance of this happening.
Right to Access ‐ Clients/customers have the right to request access to the data you hold on them at any time. You should be able to communicate this information easily and for free, in the form of a report which also highlights how the information is being used.
Data Removal ‐ If a client requests that their data be removed, you should erase their information quickly and easily.
There are several different ways you can protect yourself when working from home and practical steps you can take to ensure you’re compliant:
Educate yourself on GDPR ‐ It sounds obvious, but fully understanding GDPR guidelines is essential to making sure you have considered the different ways in which they could impact your particular circumstances.
Upgrade security ‐ Data security is an essential part of GDPR and an aspect that you might not consider as much at home. This includes the likes of setting up a screen lock when your device is inactive or encrypting portable data such as a USB drive to help you avoid the danger of a security breach.
Review your data ‐ It’s important to take the time to look at the data you currently hold. If someone were to question your legal right to hold it, do you have evidence to show that the individual has given consent? If not, you could be putting yourself at risk.
Review privacy notice ‐ If you collect data, it’s time to review your privacy notice. Make sure you’re asking for consent, then ensure you’re being clear with the individual about how their information will be used and how long you plan to hold it.
By complying with GDPR guidelines even when working from home, you can be sure that you’re protecting the individual and protecting yourself from the legal ramifications of falling foul of GDPR.
Mark Halstead is a director at Red Flag Alert. Red Flag is a data intelligence platform which generates information on the financial health of UK businesses, helping you mitigate risk in business.