GDPR failings with home working Brits as law celebrates its second anniversary
The General Data Protection Regulation (GDPR), the toughest privacy and security law in the world, celebrates its second anniversary today. Launched on 25th May 2018, GDPR was introduced to protect the data of anyone living in, or doing business with those in, the European Union and European Economic Area.
Over the last two years, GDPR has presented a real challenge for SMEs, who have had to alter their practices with regard to how personal data is stored, how it is shared and how well it is protected. Although it was an initial challenge, businesses adjusted, and there have not been many fines imposed on businesses, or at least not as many as were expected.
However, recent research conducted by IT support company ILUX has produced some eye-opening findings that business owners should consider around GDPR now that their workers are being forced to work from home. The independent research was conducted with 2,000 home working Brits and revealed that one in ten believed that the working practices their employer expects of them are not GDPR compliant. With over 20 million people working from home, that equates to 2 million potential fines for businesses should a breach occur.
13% of the workforce surveyed admitted that they are using their own home technology for work. Accessing data on a potentially unsecured computer system, via a home network, and even printing documents at home could all lead to a data breach. This could be the catalyst for employees' concerns over GDPR compliance and a sign, after over two months of lockdown, that business owners should be checking in with their employees on important issues like compliance.
James Tilbury, Managing Director at ILUX, comments: “Whilst, as business owners, we may be busy, stressed and frankly trying to keep our heads above water, it is not a time to be complacent. Asking employees to work from home and then not providing the right computer systems and security measures is a recipe for disaster. The last thing any business needs, especially at the time of an impending recession, is to lose valuable data, be the target of a cyber-attack or phishing and be hit with a hefty fine for breaching GDPR guidelines.”
GDPR was brought in to strengthen data protection for individuals across the EU, and all UK companies that process personal data must comply or risk significant financial penalties. For a business, not complying could have significant implications for business relationships, let alone the potential loss of four percent of its turnover as a fine for the breach.
Tilbury continues: “Employees should only use business devices, not home computers, phones and/or tablets to transfer data. All devices should have the latest patches applied, to ensure security vulnerabilities or other bugs are fixed, as well as anti-virus, anti-spam and web protection. Home computers will, most likely, not have these applied. Nine in ten is a positive figure, better than would be expected, but as a business owner I would be starting to ask myself ‘Did I plan enough for home working?’ and get some advice from an industry professional on how you might rectify any GDPR issues in my business, now. Better to be proactive than reactive in these situations.”