Maintaining GDPR compliance when staff are working from home. What security measures should you take?
When working practices change and you have less visibility over staff, how do you ensure that data protection regulations are being followed correctly? The disruption organisations are facing through this current pandemic has not lessened regulatory oversight – your company still needs to ensure GDPR compliance.
While official GDPR publicity has been reducing of late, the risks are still prevalent, with reports of one in ten Brits working from home being non GDPR compliant. Whilst the majority of enterprises have implemented good practice for maintaining data records, there are a number of challenges with the protection of this data across a distributed workforce.
Within the confines of the corporate office high quality security controls are commonplace, and if a GDPR Subject Access Request should arrive most organisations would be able to comply in good time. However, in March 2020, the challenge of tracking personal data increased when the nation began working remotely. Now, if your company receives a data subject access request (DSAR) as a result of the GDPR’s right of access, instead of a relatively short query of the corporate databases; you might need to check with employees working from home, ensuring that files have been saved to the enterprise network rather than saved locally.
How do you respond to a GDPR request when data is distributed?
In corporate environments, we protect the perimeter, install intrusion detection, and cover black holes by addressing security issues as we find them. Can we do the same for disparate endpoints? We need to find ways to secure the PCs, laptops, and home PCs, and then we need to be able to locate personal data to respond to GDPR requests.
There are a number of software packages that can identify personal data from digital signatures and postcodes and that can scan any number of key documents. These queries can be executed overnight on corporate servers, but they are not suitable when colleagues are distributed and working in a less formally managed setting.
Northdoor’s Data Discovery solution provides all of these key functions. It scans a server for data (such as credentials and names) and can deploy an agent to all endpoints; these endpoints are scanned according to your security policy whenever each machine attaches to a network. This means that if an employee attempts to save certain files locally, it will provide a warning to the user, notify a systems administrator, or stop the action altogether.
The nation has had to adapt to remote working fast.
With reports suggesting working from home will become the new normal, it is important to remember that GDPR still applies. It is paramount that enterprises consider the risks of breaching compliance and implement ways to avoid GDPR risks.
For most corporates, it should be standard to use VPNs, encryption and Antivirus software to implement security. Most companies can deploy security correctly on their own machines, but the risk comes when employees use their personal devices.
At Northdoor, we encourage our managed services customers to build an internal culture that’s security-aware and to extend these practices to their customers. Ensure your organisation maintains compliance when staff work from home to avoid breaching GDPR rules and potential fines. Remember that whilst the working environment has changed for many of us, the GDPR rules remain enforced, and serious breaches will not be ignored.