GDPR failings with home working Brits as law celebrates its second anniversary

The General Data Protection Regulation (GDPR), the toughest privacy and security law in the world, celebrated its second anniversary on Monday 25 May. Launched on May 25, 2018, GDPR was introduced to protect the data of anyone living, or doing business with, those in the European Union and European Economic Area.

Over the last two years, GDPR has presented a real challenge for SMEs, which have had to alter their practices with regard to how personal data is stored, how it is shared and how well it is protected. Although initially a challenge, businesses adjusted, and there have not been many fines imposed on businesses, or at least not as many as were expected.

However, recent research conducted by IT support company ILUX has produced some eye-opening findings that business owners should consider around GDPR now that their workers are being forced to work from home. The independent research was conducted with 2,000 home-working Brits and revealed that one in 10 believed that the working practices expected of them by their employer are not GDPR compliant. With over 20 million people working from home, that equates to 2 million potential fines for businesses should a breach occur.

A total of 13% of the workforce surveyed admitted that they are using their own home technology for work. Accessing data on a potentially unsecured computer system, via a home network and even printing documents at home, could all lead to a data breach. This could be the catalyst for employee concerns over GDPR compliance and a sign, after over two months of lockdown, that business owners should be checking in with their employees on important issues like compliance.

James Tilbury, Managing Director at ILUX, said: “While, as business owners, we may be busy, stressed and frankly trying to keep our heads above water, it is not a time to be complacent. Asking employees to work from home and then not providing the right computer systems and security measures is a recipe for disaster. The last thing any business needs, especially at the time of an impending recession, is to lose valuable data, be the target of a cyberattack or phishing and be hit with a hefty fine for breaching GDPR guidelines.”

GDPR was brought in to strengthen data protection for individuals across the EU. All UK companies that process personal data must comply or risk significant financial penalties. For a business, not complying could have significant implications for business relationships, let alone the potential loss of 4% of its turnover as a fine for the breach.

Tilbury said: “Employees should only use business devices, not home computers, phones and/or tablets to transfer data. All devices should have the latest patches applied to ensure security vulnerabilities or other bugs are fixed, as well as antivirus, antispam and web protection. Home computers will, most likely, not have these applied. Nine in 10 is a positive figure, better than would be expected, but as a business owner I would be starting to ask myself ‘Did I plan enough for home working’, and get some advice from an industry professional on how you might rectify any GDPR issues in my business, now. Better to be proactive than reactive in these situations.”
