Covid-19: How to comply with GDPR
The pandemic caused by Covid-19 and the consequent measures of isolation and social confinement, led to the generalization of remote work. As a result, many companies were forced to restructure and find tools to adapt to a new reality. However, if the company did not have a culture of teleworking before, this change could increase the risks of data protection violations.
In this article we will look at the most common challenges related to GDPR in the context of remote work in the era of the Covid-19 pandemic, as well as some tips for dealing with them, which also can be useful in a post-Covid-19 scenario.
Protection of personal data during remote work
According to the GDPR, a personal data breach is any breach of security leading to accidental or unlawful destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.
So what circumstances related to remote work increase the organization’s vulnerability to the above-mentioned threats and constitute potential data security vulnerabilities?
From the employee’s point of view:
- Lack of compliance with guidelines regarding the processing, storage and transmission of information.
- Use of private and mobile unprotected devices (e.g. without antivirus), software and outdated systems, and compromised Wi-Fi networks.
- Use of tools that do not ensure adequate protection of personal data, or vulnerable social networks for internal communications.
- Failure to provide multi-factor authentication in VPN or other business services available on the Internet.
From the physical data security point of view:
- Moving documents and information media from one location to another, e.g. from the office to the employee’s house.
- Threats resulting from the lack of adaptation of the house as a workspace, such as the possibility of destruction or theft of sensitive documents.
From an organisational point of view:
- Lack of basic means of business continuity and spare devices.
- Potentially difficult access to employees who provide support in data protection, e.g. the IT Department.
- Lack of training, awareness campaigns and adequate communication regarding effective methods to avoid cyber attacks in teleworking.
The threats, as we have already seen, are extensive, but the ways to avoid them don’t have to be complicated or expensive. Below we list the most relevant.
How to avoid threats
Remote work policy for employees
If your organization has not yet adopted procedures for the protection of personal data as part of telework, you still have time to develop and implement such standards. In this case, the policies will be the basic guidelines adopted to meet the needs and goals set by the company.
Education and awareness
Include information about the risks of personal data violation in any established communication channel with employees. For example, it is worth raising awareness among employees who may be particularly vulnerable to a covert phishing attack with “clickable” information about the coronavirus and what they should do in this situation.
Minimum safety requirements
If remote work involves the use of the employees’ own devices, it is worth updating their knowledge about the basic principles of information processing, as well as specifying the minimum security requirements for the devices and networks they use.
Eliminate free tools
Free tools such as email or popular messaging services do not provide an adequate level of data security. The employer should instruct employees on the communication channels they accept for this purpose.
Choosing the right tool is the best data protection strategy!
We developed GetComplied to help companies comply with the GDPR and other data protection laws and avoid sanctions. Safeguarding your data is easier than it sounds, including in the complex context of the Covid-19 pandemic. You can edit all your policies, cookies and user rights on one platform!
Get in touch!
If you have any questions, please do not hesitate to contact our team via our social media or email: firstname.lastname@example.org
We also have a live chat that you can access on the wesite by clicking on the icon at the bottom right.