8 ways to ensure data privacy while working from home

Working from home is not only a hot topic in the media, but it’s part of the everyday lives of millions of employees. However, if you were to look for this term in the official data privacy regulations, you would be searching in vain. Many laws still refer to a slightly outdated term: “teleworking”.  

After the outbreak of the coronavirus pandemic in March 2020 caused thousands of small, medium-sized and large companies to send their staff home to work remotely, with practically no time to prepare, the issue of data privacy for them is now even more pressing. Here, we have compiled our most important recommendations for compliance and data privacy while your employees are working from home.


Company responsibility for data privacy at home  

Important to know: Responsibility for data privacy lies with the company itself, or sometimes with one person in the case of sole traders. You cannot delegate this responsibility by enabling staff to work from home. If there is a data breach as a result, you must bear the consequences.

Therefore, it’s crucial to be aware of which data is considered particularly sensitive in accordance with the General Data Protection Regulation (GDPR). This includes health data, biometric data, details about religious persuasion, and ethnic background. The more sensitive the data, the greater the need for protection. For the highest degree of confidentiality, it is important to also take precautions when working from home.  

 

Here are 8 ways companies can ensure their employees are taking the proper measures to protect sensitive data while working from home.  

1. Utilize data protection agreements 

Ideally, employers should already have entered into a written policy agreement with their employees regarding working from home, before they spend their first working day outside the office. The second-best time is now, because after all, it is better late than never.  

Such an agreement, signed by both parties, should not be a standard template from the internet, but should be individually tailored to the situation of the company, and it should inform employees about their obligations. In any case, it should include a confidentiality policy which also applies to other members of the household, if the workstation is not clearly separated from the rest of the home. 

2. Separate work and private life 

Depending on the circumstances, the best solution for employees working from home is their own lockable office. If this is not possible, the screen at least should be protected against prying eyes. Privacy filters and films are an option in this case.  

Software and hardware, such as laptops and common office programs, should also be provided entirely by the employer. This way, the work computer will only be used for work purposes, and private use will only take place outside of working hours. Of course, confidential phone calls cannot be made in the presence of third parties.

3. Encrypt data and set up passwords 

Encryption at home starts with your internet connection. For example, an open WiFi connection is more convenient, but a wired LAN connection is considerably more secure. If plugging in the cable is bothersome, you can take comfort in the fact that a LAN connection should also be faster. There are now various encrypted messenger services for internal company communications. However, the hard drive on the work computer itself should also be encrypted, and the screen should lock automatically after a maximum of ten minutes of inactivity.

Two-factor authentication upon login also offers additional security. This is where a smartphone, for instance, is used as a second, independent device. USB sticks that have been left lying around are a major data privacy risk, and not just in the home office. If using them cannot be avoided, encryption is also an option. Ultimately, it might be worth blocking USB ports completely for external storage.
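One way to verify the disk encryption, screen lock and USB storage settings described above, as an added example that is not part of the original article. It assumes a Linux work laptop with a GNOME desktop and LUKS disk encryption; the function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example: checks disk encryption, screen lock and USB storage blocking
# on a Linux/GNOME work laptop (assumed platform; function names are hypothetical).
MAX_LOCK_SECONDS=600   # the article's ten-minute ceiling

# stdin: `lsblk -rno NAME,FSTYPE`; true if at least one LUKS container exists
has_luks() {
    awk '$2 == "crypto_LUKS" { found = 1 } END { exit !found }'
}

# Strip the "uint32 " prefix gsettings prints; fail on anything non-numeric
num() { v=${1##* }; case $v in ''|*[!0-9]*) return 1 ;; esac; printf '%s' "$v"; }

# $1 session idle-delay, $2 screensaver lock-enabled, $3 screensaver lock-delay
lock_ok() {
    idle=$(num "$1") && delay=$(num "$3") || return 1
    # idle-delay 0 means the session never goes idle, so it never locks
    [ "$2" = "true" ] && [ "$idle" -gt 0 ] &&
        [ $((idle + delay)) -le "$MAX_LOCK_SECONDS" ]
}

# stdin: `modprobe --showconfig`; true only for an install override, because
# a bare "blacklist" line still allows the module to be loaded explicitly
usb_storage_blocked() {
    awk '$1 == "install" && ($2 == "usb-storage" || $2 == "usb_storage") &&
         ($3 == "/bin/false" || $3 == "/bin/true") { found = 1 }
         END { exit !found }'
}

# Returns the number of failed controls (0 = all three met)
# $1 lsblk text, $2 idle-delay, $3 lock-enabled, $4 lock-delay, $5 modprobe text
audit() {
    fails=0
    printf '%s\n' "$1" | has_luks || { echo "FAIL: no encrypted volume"; fails=$((fails + 1)); }
    lock_ok "$2" "$3" "$4" || { echo "FAIL: screen lock off or over 10 min"; fails=$((fails + 1)); }
    printf '%s\n' "$5" | usb_storage_blocked || { echo "FAIL: USB storage loadable"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample values; on a real machine pass the live command output, e.g.
#   audit "$(lsblk -rno NAME,FSTYPE)" "$(gsettings get org.gnome.desktop.session idle-delay)" ...
SAMPLE_LSBLK='nvme0n1
nvme0n1p1 vfat
nvme0n1p2 crypto_LUKS'
SAMPLE_MODPROBE='install usb_storage /bin/false'
audit "$SAMPLE_LSBLK" "uint32 300" "true" "uint32 0" "$SAMPLE_MODPROBE" && echo "PASS: all controls met"
```

The LUKS check only confirms that an encrypted volume is present, not that every partition holding work data sits inside it.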

 

4. Avoid data clutter 

What is good for the environment is also good for data privacy, and preventing waste is better than separating waste. In other words, avoid data clutter. Data clutter encompasses any unnecessary files and copies on other data carriers - personal data should be processed as little as possible, as mandated by the GDPR.  

However, waste in a direct sense also includes unnecessary paper printouts. Under no circumstances should they be put in the wastepaper bin at home! When paper copies are produced, they should be stored in a lockable cabinet and shredded in the office at the earliest opportunity. 

5. Have a clean desk

If the desk is tidy, the work is tidy. What applies in the office is also sensible advice to follow at home: employees should follow the clean desk policy and clear their desks when they finish work, so that they can start the following morning without having to dig out their laptops from underneath mountains of paper.  

Leaving printouts with sensitive data lying around is also completely out of the question. Even if you are away from your desk for just a short period of time, they belong in a locked cabinet. 

6. Set the right standard 

The global crisis triggered by the outbreak of COVID-19 has also caused standards to slip in terms of data privacy. Governments, supervisory authorities, employers and employees have been forced to improvise, and what seemed unimaginable yesterday is now something of a reality.

However, even if parameters have shifted because of the crisis, this is by no means carte blanche to brush data privacy aside. Instead, it must be evaluated, and new standards must be set.  

When it comes to the question of whether an employee has visited high-risk areas during their time off work, the employer’s duty of care towards its staff may weigh more heavily than data privacy. In times of crisis, the following basic rule applies: all measures that infringe other rights are to be promptly taken care of. 


7. Maintain control 

Working from home requires a certain leap of faith on the part of the employer, and experience shows that this trust is very rarely betrayed. Pedantic check-up calls make little sense and can have a rather demotivating effect.  

Nevertheless, the employer still has a responsibility for data privacy when working from home and should therefore ensure certain means of control. On the other hand, the sanctuary of one’s own home is afforded extra-special protection by the constitution. Unannounced visits to an employee’s home are therefore out of the question from the outset. However, the home office agreement should specify how control measures can be made possible. 

8. Report incidents 

If, despite all data privacy precautions, data breaches occur at an employee’s home, open and honest communication is of paramount importance. The employee should know how to report relevant incidents to his/her employer. Not every data breach must then be reported by the employer, and an external data protection officer can help clarify what must be reported. 
