In response to the increasing challenge of Coronavirus and in light of rapidly evolving advice, Tozers has taken steps to ensure that we continue to provide you with our usual client service whilst also maintaining the safety of our clients and colleagues. Please see our full update here.

Complete the form below to ask us a question or make an enquiry. We’ll get back to you via phone or email as soon as possible.

Insights

Coronavirus, remote working and the implications for data protection

Posted on 26th March 2020 in Intellectual Property, Employment, Coronavirus Pandemic

Posted by

Dan Griffin

Associate and Solicitor
Coronavirus, remote working and the implications for data protection

Implementing remote or home working makes complying with data protection requirements more difficult as increased volumes of personal data are stored electronically and transmitted online. Here are 5 points worth considering to help maintain compliance.

Keep data within the organisation’s security environment

This is probably the greatest risk. Employees may turn to personal devices to work and use their own unsecured internet connections. This exposes personal data to significant risk of unauthorised access. The GDPR requires ‘appropriate’ technical and security measures, allowing the use of personal devices for the storage of data or personal email accounts is unlikely to be sufficient.

Data controllers remain responsible for personal data even where it ends up on a personal device belonging to an employee. This makes responding to a subject access request difficult where retrieving data relies on accessing personal devices.

Assess whether providers of remote working are secure

Remote working may depend data being stored on remote servers or transmitted via external networks. Data controllers remain responsible for personal data, even though it leaves their immediate control. The security of these providers should be assessed.

Check whether remote working means data (or greater volumes of data) will be processed outside the UK and EEA

The GDPR prohibits transfers of personal data outside of the EEA without certain safeguards in place. For most providers of remote working services these will be ‘standard contractual clauses’ but some due diligence is also required to ensure they are sufficiently secure. Most of the large providers of cloud storage have addressed this satisfactorily. Smaller operators may have not.

Continue to educate staff about security

Most data breaches occur due to human error. Threats to security as a result of a large proportion of the workforce working remotely are evolving. Phishing scams are likely to target emotions, preying on a thirst for information and an increased feeling of isolation. It is important to keep reminding staff of these threats. The National Cyber Security Centre continue to issue useful guidance.

Plan for the long term

The situation may not return to normal soon so it probably isn’t enough to rely on temporary measures to maintain data security. The ICO say they will show forbearance for now but patience is likely to be quickly exhausted when having adjusted to the changes, they are faced with excuses for why data security has been compromised.

Only small slips (such as a few days of home working without access to secure remote file storage) could store up potential problems for the future which are difficult to resolve.

Company & Industry

Related Insights

Insights

How land laws are affecting the UKs housing crisis

Posted on 04th May 2020 in Affordable Housing

At the heart of the UKs housing problem is a six decade old piece of planning legislation. The Land Compensation Act 1961 sets a floor on the price of land based on the most profitable uses imaginable.

Posted by

Stephen Burtchaell

Partner and Solicitor
Insights

Could modular homes be the solution to the housing crisis?

Posted on 20th April 2020 in Affordable Housing

With the housing crisis growing across the country industry experts are divided about which solutions are best suited to meet the demand. One potential solution is the implementation of modular housing.

Posted by

Stephen Burtchaell

Partner and Solicitor