CINXE.COM

Tips to keep your company GDPR compliant while working from home

<!DOCTYPE html><html lang=en-US class="no-js no-svg"><head><meta charset=UTF-8><meta name=viewport content="width=device-width, initial-scale=1.0"><link rel=profile href=http://gmpg.org/xfn/11><link type=text/css media=all href=https://gdpr.eu/wp-content/cache/autoptimize/css/autoptimize_5b670c3f41f6d1c9d284128a1816dcbc.css rel=stylesheet><title>Tips to keep your company GDPR compliant while working from home</title> <script>(function(d, s, id){ var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) {return;} js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.6"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <meta name=description content="If you’re managing remote teams, securing personal data should be a top priority. This article describes some easy ways to protect information."><meta name=robots content="max-snippet:-1, max-image-preview:large, max-video-preview:-1"><link rel=canonical href=https://gdpr.eu/working-remotely-data-security/ ><meta property=og:locale content=en_US><meta property=og:type content=article><meta property=og:title content="Tips to keep your company GDPR compliant while working from home"><meta property=og:description content="If you’re managing remote teams, securing personal data should be a top priority. This article describes some easy ways to protect information."><meta property=og:url content=https://gdpr.eu/working-remotely-data-security/ ><meta property=og:site_name content=GDPR.eu><meta property=article:section content="GDPR Compliance"><meta property=article:published_time content=2020-06-19T15:23:56+00:00><meta property=article:modified_time content=2023-09-14T15:42:35+00:00><meta property=og:updated_time content=2023-09-14T15:42:35+00:00><meta property=og:image content=https://gdpr.eu/wp-content/uploads/2020/06/GDPR-blog-cover-data-remote-IM-1024x576.jpg><meta property=og:image:secure_url content=https://gdpr.eu/wp-content/uploads/2020/06/GDPR-blog-cover-data-remote-IM-1024x576.jpg><meta property=og:image:width content=1024><meta property=og:image:height content=576><meta name=twitter:card content=summary_large_image><meta name=twitter:description content="If you’re managing remote teams, securing personal data should be a top priority. This article describes some easy ways to protect information."><meta name=twitter:title content="Tips to keep your company GDPR compliant while working from home"><meta name=twitter:image content=https://gdpr.eu/wp-content/uploads/2020/06/GDPR-blog-cover-data-remote-IM.jpg> <script type=application/ld+json class='yoast-schema-graph yoast-schema-graph--main'>{"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://gdpr.eu/#organization","name":"GDPR.eu","url":"https://gdpr.eu/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https://gdpr.eu/#logo","url":"https://gdpr.eu/wp-content/uploads/2019/02/profile-pic-PH-gdpr.jpg","width":900,"height":900,"caption":"GDPR.eu"},"image":{"@id":"https://gdpr.eu/#logo"}},{"@type":"WebSite","@id":"https://gdpr.eu/#website","url":"https://gdpr.eu/","name":"GDPR.eu","publisher":{"@id":"https://gdpr.eu/#organization"},"potentialAction":{"@type":"SearchAction","target":"https://gdpr.eu/?s={search_term_string}","query-input":"required name=search_term_string"}},{"@type":"ImageObject","@id":"https://gdpr.eu/working-remotely-data-security/#primaryimage","url":"https://gdpr.eu/wp-content/uploads/2020/06/GDPR-blog-cover-data-remote-IM.jpg","width":1920,"height":1080,"caption":"How to protect your business's data while your teams work remotely."},{"@type":"WebPage","@id":"https://gdpr.eu/working-remotely-data-security/#webpage","url":"https://gdpr.eu/working-remotely-data-security/","inLanguage":"en-US","name":"Tips to keep your company GDPR compliant while working from home","isPartOf":{"@id":"https://gdpr.eu/#website"},"primaryImageOfPage":{"@id":"https://gdpr.eu/working-remotely-data-security/#primaryimage"},"datePublished":"2020-06-19T15:23:56+00:00","dateModified":"2023-09-14T15:42:35+00:00","description":"If you\u2019re managing remote teams, securing personal data should be a top priority. This article describes some easy ways to protect information."},{"@type":"Article","@id":"https://gdpr.eu/working-remotely-data-security/#article","isPartOf":{"@id":"https://gdpr.eu/working-remotely-data-security/#webpage"},"author":{"@id":"https://gdpr.eu/#/schema/person/5cd2d5241f0b12376f50ab9f841b2eac"},"headline":"Data protection and working remotely","datePublished":"2020-06-19T15:23:56+00:00","dateModified":"2023-09-14T15:42:35+00:00","commentCount":0,"mainEntityOfPage":{"@id":"https://gdpr.eu/working-remotely-data-security/#webpage"},"publisher":{"@id":"https://gdpr.eu/#organization"},"image":{"@id":"https://gdpr.eu/working-remotely-data-security/#primaryimage"},"articleSection":"GDPR Compliance"},{"@type":["Person"],"@id":"https://gdpr.eu/#/schema/person/5cd2d5241f0b12376f50ab9f841b2eac","name":"Richie Koch","image":{"@type":"ImageObject","@id":"https://gdpr.eu/#authorlogo","url":"https://secure.gravatar.com/avatar/08db9693a2296708cd4d5a8f614cf370?s=96&d=mm&r=g","caption":"Richie Koch"},"description":"Prior to joining Proton VPN, Richie spent several years working on tech solutions in the developing world. As a senior editor at Latterly magazine, he covered international human rights stories. He joined Proton VPN to advance the rights of online privacy and freedom.","sameAs":[]}]}</script> <link rel=dns-prefetch href=//ws.sharethis.com><link rel=dns-prefetch href=//cdn.jsdelivr.net><link rel=dns-prefetch href=//maxcdn.bootstrapcdn.com><link rel=dns-prefetch href=//fonts.googleapis.com><link rel=dns-prefetch href=//use.fontawesome.com><link rel=dns-prefetch href=//s.w.org><link rel=alternate type=application/rss+xml title="GDPR.eu &raquo; Feed" href=https://gdpr.eu/feed/ ><link rel=alternate type=application/rss+xml title="GDPR.eu &raquo; Comments Feed" href=https://gdpr.eu/comments/feed/ ><link rel=alternate type=application/rss+xml title="GDPR.eu &raquo; Data protection and working remotely Comments Feed" href=https://gdpr.eu/working-remotely-data-security/feed/ > <script>window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/12.0.0-1\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/gdpr.eu\/wp-includes\/js\/wp-emoji-release.min.js?ver=8c03ada028d9ba4936249699216631ae"}}; !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode;p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0);e=i.toDataURL();return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p||!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([55357,56424,55356,57342,8205,55358,56605,8205,55357,56424,55356,57340],[55357,56424,55356,57342,8203,55358,56605,8203,55357,56424,55356,57340])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything||(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(n=t.source||{}).concatemoji?c(n.concatemoji):n.wpemoji&&n.twemoji&&(c(n.twemoji),c(n.wpemoji)))}(window,document,window._wpemojiSettings);</script> <style>img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 .07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; }</style><link rel=stylesheet id=simple-share-buttons-adder-font-awesome-css href='//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css?ver=8c03ada028d9ba4936249699216631ae' type=text/css media=all><link rel=stylesheet id=opensans-css href='https://fonts.googleapis.com/css?family=Open+Sans' type=text/css media=all><link rel=stylesheet id=font-awesome-css href=https://use.fontawesome.com/releases/v5.1.1/css/all.css type=text/css media=all> <script src="https://gdpr.eu/wp-content/cache/minify/c7035.js"></script> <script id=st_insights_js src='https://ws.sharethis.com/button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&#038;product=simpleshare'></script> <link rel=https://api.w.org/ href=https://gdpr.eu/wp-json/ ><link rel=EditURI type=application/rsd+xml title=RSD href=https://gdpr.eu/xmlrpc.php?rsd><link rel=wlwmanifest type=application/wlwmanifest+xml href=https://gdpr.eu/wp-includes/wlwmanifest.xml><link rel=shortlink href='https://gdpr.eu/?p=10577'><link rel=alternate type=application/json+oembed href="https://gdpr.eu/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fgdpr.eu%2Fworking-remotely-data-security%2F"><link rel=alternate type=text/xml+oembed href="https://gdpr.eu/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fgdpr.eu%2Fworking-remotely-data-security%2F&#038;format=xml"><link rel="shortcut icon" href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon.ico><link rel=apple-touch-icon sizes=57x57 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-57x57.png><link rel=apple-touch-icon sizes=60x60 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-60x60.png><link rel=apple-touch-icon sizes=72x72 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-72x72.png><link rel=apple-touch-icon sizes=76x76 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-76x76.png><link rel=apple-touch-icon sizes=114x114 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-114x114.png><link rel=apple-touch-icon sizes=120x120 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-120x120.png><link rel=apple-touch-icon sizes=144x144 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-144x144.png><link rel=apple-touch-icon sizes=152x152 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-152x152.png><link rel=apple-touch-icon sizes=180x180 href=https://gdpr.eu/wp-content/themes/gdpr/assets/apple-icon-180x180.png><link rel=icon type=image/png sizes=192x192 href=https://gdpr.eu/wp-content/themes/gdpr/assets/android-icon-192x192.png><link rel=icon type=image/png sizes=32x32 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-32x32.png><link rel=icon type=image/png sizes=96x96 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-96x96.png><link rel=icon type=image/png sizes=16x16 href=https://gdpr.eu/wp-content/themes/gdpr/assets/favicon-16x16.png><link rel=manifest href=https://gdpr.eu/wp-content/themes/gdpr/assets/manifest.json><meta name=msapplication-TileColor content=#ffffff><meta name=msapplication-TileImage content=https://gdpr.eu/wp-content/themes/gdpr/assets/ms-icon-144x144.png><meta name=theme-color content=#ffffff><style>.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style></head><body class="post-template-default single single-post postid-10577 single-format-standard cookies-not-set"><div id=wrapper><header id=header><div id=social><div class="container text-right"> <a target=_blank href="http://www.facebook.com/sharer.php?u=https://gdpr.eu/"><em class="fab fa-facebook"></em> <span>Facebook</span></a> <a target=_blank href="http://twitter.com/share?url=https://gdpr.eu/"><em class="fab fa-twitter"></em> <span>Twitter</span></a></div></div><div id=top><div class=container><div class=pull-right><div class=search-box><form role=search method=get class=search-form action=https://gdpr.eu/ > <input type=search id=search-form-67b4f2c185046 class=textbox placeholder=Search... value name=s> <button type=submit class=button><i class=icon-search></i><span>Search</span></button></form></div></div> <span id=logo> <a href=https://gdpr.eu/ class=gdpr></a> <a target=_blank href=https://ec.europa.eu/programmes/horizon2020/en/ class=horizon></a> <img class=full src=https://gdpr.eu/wp-content/themes/gdpr/images/logo-gdpr-eu.svg alt=GDPR.eu> <img class=short src=https://gdpr.eu/wp-content/themes/gdpr/images/logo-gdpr-eu-notext.svg alt=GDPR.eu> </span></div></div><nav id=nav><div class=container><div id=searchx><div class=search-box><form role=search method=get class=search-form action=https://gdpr.eu/ > <input type=search id=search-form-67b4f2c185121 class=textbox placeholder=Search... value name=s> <button type=submit class=button><i class=icon-search></i><span>Search</span></button></form></div></div><nav id=mainmenu class=menu-primary-menu-container><ul><li id=menu-item-309 class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home menu-item-309"><a href=https://gdpr.eu/ >Home</a></li><li id=menu-item-351 class="menu-item menu-item-type-post_type menu-item-object-page menu-item-351"><a href=https://gdpr.eu/checklist/ >Checklist</a></li><li id=menu-item-8150 class="menu-item menu-item-type-post_type menu-item-object-page menu-item-8150"><a href=https://gdpr.eu/faq/ >FAQ</a></li><li id=menu-item-394 class="menu-item menu-item-type-taxonomy menu-item-object-post_tag menu-item-394"><a href=https://gdpr.eu/tag/gdpr/ >GDPR</a></li><li id=menu-item-350 class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-350"><a href=https://gdpr.eu/category/news-updates/ >News &#038; Updates</a></li></ul></nav></div></nav></header><div id=main><div id=primary class="content-area one-column"><div id=content class=site-content><div class=post-main-box><div class=featured-image style="background-image: url(https://gdpr.eu/wp-content/uploads/2020/06/GDPR-blog-cover-data-remote-IM.jpg); "> <em></em><div class=container><div class=container><h1>Data protection and working remotely</h1> <i></i></div></div></div><div class=container><div class=post-detail-box><div class=container><div class=row><div class="col-xl-8 col-lg-12 single-content"><p>The paradigm shift toward remote working began even before the COVID-19 pandemic broke out. Since then, local and national directives have confined large portions of the population to their homes. As a result, many businesses have continued operating using a distributed workforce, and some, like <a href=https://www.bloomberg.com/news/articles/2020-05-21/shopify-is-joining-twitter-in-permanent-work-from-home-shift target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">Shopify and Twitter</a>, have made remote working permanent.</p><p>These new circumstances demand a different security stance than working from centralized offices. Especially when it comes to maintaining the data security that the GDPR requires.&nbsp;</p><p>If you’re suddenly managing remote teams, it can be daunting to think about data security with everything else that’s going on. The GDPR, in general, requires that companies keep personal data private and secure.</p><p>This article will show you how, with a few simple actions, you can help ensure you stay GDPR compliant even as your team is spread out.&nbsp;</p><h2>Now’s a good time to update your cybersecurity policy</h2><p>Many employees who are not familiar with data security issues may not grasp how a simple slip-up on their part could lead to a data breach that exposes the personal data you are charged to protect. These data breaches can not only undermine consumer confidence in your company but also lead to costly GDPR fines.&nbsp;</p><p>A cybersecurity policy that instructs your employees on how to keep your business’s data safe is an important tool in data protection. If you don’t have one, you should make one. If you have a policy but haven’t updated it since everyone began working from home, this is the time to do so. A good place to start is by reviewing the <a href=https://www.nist.gov/industry-impacts/cybersecurity-framework target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">NIST cybersecurity framework</a>, which provides you with a set of best-practice guidelines for all stages of threat identification and mitigation.&nbsp;</p><p>The NIST framework covers five areas, all of which are essential components of a successful cybersecurity framework:</p><ol><li><strong>Identify</strong><strong><br></strong>You should develop an understanding of your environment in order to assess the level of cybersecurity risk to systems, assets, data, and capabilities.&nbsp;</li><li><strong>Protect</strong><strong><br></strong>You should develop and implement the appropriate safeguards to limit or contain the impact of a potential cybersecurity event. This involves controlling access to digital and physical assets, but also the responsibility to provide education and training to all employees.&nbsp;</li><li><strong>Detect</strong><strong><br></strong>You should have the ability to identify cybersecurity incidents quickly. This means using a system that can undertake continuous monitoring to detect unusual activity and other threats to operational continuity.</li><li><strong>Respond</strong><strong><br></strong>If a cyberattack occurs, organizations must have the ability to contain the impact. This means you will need to have a response plan in place. Once you have resolved your cybersecurity incident, you will need to update your response plan with any lessons learned.</li><li><strong>Recover</strong><strong><br></strong>Finally, you should have a plan to restore any capabilities or services that were affected by cybersecurity incidents.</li></ol><p>Your IT security policy doesn’t have to be a complicated document. It should cover the reasons it exists in the first place and then lay out, in easy-to-understand terms, the exact security protocols your fellow employees should follow. If they’re confused, they can ask questions, but no one is exempt from the policy. You can also use the free templates offered by <a rel="noreferrer noopener" aria-label=" (opens in a new tab)" href=https://www.sans.org/information-security-policy/ target=_blank>SANS</a>, a globally recognized cybersecurity training and consultancy organization, as models for your policy.&nbsp;</p><p><em>Get a detailed guide to creating a security policy for your company with Proton’s </em><a href="https://proton.me/business/security-guide?ref=gdpreu" target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">ebook on IT security for small businesses</a><em>.</em></p><h2>Data protection: in transit and at rest</h2><p><a href=https://gdpr.eu/Recital-83-Security-of-processing target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">Recital 83</a> essentially stipulates that personal data must be protected both in transit and at rest.&nbsp; Data is in transit pretty much any time someone accesses it. The data passing from this website’s servers to your device is one example of data in transit. On the other hand, data a rest refers to data in storage, like on your device’s hard drive or a USB flash drive.</p><p>The two keys to maintaining data protection when your teams are all working remotely are <strong>encryption</strong> and <strong>controlling access</strong>.</p><h2>Remote security requires encryption</h2><p>Your company&#8217;s sensitive data should be encrypted both in transit and at rest. Both Recital 83 and <a href=https://gdpr.eu/article-32-security-of-processing/ target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">Article 32</a> of the GDPR explicitly mention “encryption” when discussing appropriate technical and organizational security measures. Encryption is important because if your data is encrypted and there is a breach, the data will be illegible and useless.&nbsp;</p><p>Keeping sensitive personal data encrypted is much easier in an office, where your cybersecurity team can maintain server security and monitor your network. But there are simple steps your organization can take so that data remains encrypted, even if it is stored on a device at your employee’s home.&nbsp;</p><p>First, all devices that your employees use for work — including their work phone — should be encrypted. Your employees can encrypt the hard drives of their <a href=https://www.androidauthority.com/how-to-encrypt-android-device-326700/ target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">Android</a>, <a href=https://ssd.eff.org/en/module/how-encrypt-your-iphone target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">iOS</a>, <a href=https://support.apple.com/en-us/HT204837 target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">macOS</a>, and <a href=https://support.microsoft.com/en-us/help/4028713/windows-10-turn-on-device-encryption target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">Windows</a> devices. There is also third party hard drive encryption software, like <a href=https://www.veracrypt.fr/en/Introduction.html target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">VeraCrypt</a>, that will work on a wide variety of devices.</p><p>Much of the software your company likely uses, like <a href="https://docs.microsoft.com/en-us/microsoft-365/compliance/encryption?view=o365-worldwide" target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">Microsoft Office</a> or <a href=https://helpx.adobe.com/acrobat/using/securing-pdfs-passwords.html target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">Adobe Acrobat</a>, also offers you the option to encrypt your saved files. This is another way you can keep your data encrypted at rest. You should follow other <a href=https://privacycanada.net/computer-security/ target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">basic computer security steps</a> and ensure that all employees follow them too, whether they work remotely or not.</p><p>The idea is simple. Hackers from afar aren’t the only danger posed to your data. Laptops and other mobile devices are lost or stolen all the time. Encryption software locks down files and folders so that unauthorized users can’t view the data even if they manage to get into the machine.</p><h2>Control access, secure connections, no exceptions&nbsp;&nbsp;</h2><p>You should revisit who in your company has access to sensitive data. Employees should only have regular access to the data they need to complete their daily tasks. Limiting the amount of data each individual can access mitigates the damage one employee’s security lapse can cause.&nbsp;</p><p>Your company should also use a corporate <strong>virtual private network (VPN)</strong> to limit access to your sensitive data. The VPN will encrypt your employees’ connection to your servers, letting them safely and securely access your company’s network. The corporate VPN’s encrypted tunnel will help keep your data safe in transit. It will also prevent attackers that do not have your corporate VPN from accessing your servers.&nbsp;</p><p>As a reminder, using public WiFi without a VPN <a href=https://www.inc.com/comcast/risks-of-using-public-wifi.html target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">is unwise</a>, particularly if your work deals with sensitive data. These networks can easily be monitored by others. Your employees should even use a trustworthy VPN if they are working from home, just to be safe.</p><p>By encrypting your data, limiting each employee’s access, and using a corporate VPN to control access to your company’s servers, you significantly decrease the likelihood of there being a massive data breach.&nbsp;</p><h2>Boring but effective advice: train your employees</h2><p>Human error is one of the main causes of data breaches. Cybersecurity is difficult enough when everyone is in an office on a network you control. Relying on your employees to immediately pick up and master all the new cybersecurity policies and tools you implement while working from home will not be effective.&nbsp;</p><p>Your <a href=https://gdpr.eu/article-38-data-protection-officer/ >data protection officer</a> or the team in charge of your cybersecurity should plan to run training sessions on the new policy with the entire company. This team should then train your employees (in small groups) on the new security tools and processes they will use in their day-to-day work.</p><p>Your employees will still need help even after they are trained on how to use these new tools. Your cybersecurity team should always have someone on standby to respond to questions. If possible, they should also schedule short follow-up video calls with all your employees to evaluate whether everyone is following your new security policy.&nbsp;</p><h2>Final thoughts on cybersecurity and working remotely</h2><p>By putting some of these suggestions into practice, you can relieve some of the stress of remote work. These are the data security steps that can help you avoid costly <a href=https://gdpr.eu/fines/ target=_blank rel="noreferrer noopener" aria-label=" (opens in a new tab)">GDPR fines</a>.&nbsp;&nbsp;</p><p>To boil it down to four steps, the most significant things that you, a small business owner, can do to stay GDPR compliant while your team is working from home are:&nbsp;</p><ol><li>Update your cybersecurity policy to reflect the new “working from home” reality.</li><li>Train your employees and make sure your cybersecurity team is ready to support them.</li><li>Keep data encrypted in transit and at rest.</li><li>Limit access to sensitive data and keep your connections secure with a corporate VPN.</li></ol><div class=rp4wp-related-posts><h3>Related Posts</h3><ul><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/article-38-data-protection-officer/ >Art. 38 GDPR - Position of the data protection officer</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/recital-97-data-protection-officer/ >Recital 97 - Data protection officer</a></div></li><li><div class=rp4wp-related-post-content> <a href=https://gdpr.eu/article-39-tasks-of-the-data-protection-officer/ >Art. 39 GDPR - Tasks of the data protection officer</a></div></li></ul></div><div class=post-share><div id=ssba-modern-2 class="ssba ssbp-wrap left ssbp--theme-4"><div style=text-align:left><span class=ssba-share-text>Share on:</span><ul class=ssbp-list><li class=ssbp-li--facebook><a data-site class="ssba_facebook_share ssbp-facebook ssbp-btn" href="http://www.facebook.com/sharer.php?u=https://gdpr.eu/working-remotely-data-security/" target=_blank ><div title=Facebook class=ssbp-text>Facebook</div></a></li><li class=ssbp-li--google><a data-site class="ssba_google_share ssbp-google ssbp-btn" href="https://plus.google.com/share?url=https://gdpr.eu/working-remotely-data-security/" target=&quot;_blank&quot; ><div title=Google+ class=ssbp-text>Google+</div></a></li><li class=ssbp-li--twitter><a data-site class="ssba_twitter_share ssbp-twitter ssbp-btn" href="http://twitter.com/share?url=https://gdpr.eu/working-remotely-data-security/&amp;text=Data%20protection%20and%20working%20remotely%20" target=&quot;_blank&quot; ><div title=Twitter class=ssbp-text>Twitter</div></a></li><li class=ssbp-li--linkedin><a data-site=linkedin class="ssba_linkedin_share ssba_share_link ssbp-linkedin ssbp-btn" href="http://www.linkedin.com/shareArticle?mini=true&amp;url=https://gdpr.eu/working-remotely-data-security/" target=&quot;_blank&quot; ><div title=Linkedin class=ssbp-text>Linkedin</div></a></li></ul></div></div></div></div><div class="col-lg-4 d-none d-xl-block"><div id=sidebar><section class=yellow><h5>Forms and Templates</h5><ul><li><a href=/data-processing-agreement/ ><i class="far fa-file-alt"></i>&nbsp;&nbsp;Data Processing Agreement</a></li><li><a href=/right-to-erasure-request-form/ ><i class="far fa-file-alt"></i>&nbsp;&nbsp;Right to Erasure Request Form</a></li><li><a href=/privacy-notice/ ><i class="far fa-file-alt"></i>&nbsp;&nbsp;Privacy Policy</a></li></ul></section></div></div></div></div></div><div class=post-author-details-box> <span class=author-intials><img src=https://gdpr.eu/wp-content/uploads/2019/01/richie.gif style=' height: 100%; max-width: initial !important;'></span><div class=post-author-details><h6>Richie Koch</h6> <span>Managing Editor, GDPR EU</span><p>Prior to joining Proton VPN, Richie spent several years working on tech solutions in the developing world. As a senior editor at Latterly magazine, he covered international human rights stories. He joined Proton VPN to advance the rights of online privacy and freedom.</p></div></div></div></div></div></div></div><footer id=footer><div class=container><div class=post-author-details-box><div class=post-author-details><h6>About GDPR.EU</h6><p>&nbsp;</p><p>GDPR.EU is a website operated by Proton Technologies AG, which is co-funded by Project REP-791727-1 of the Horizon 2020 Framework Programme of the European Union. This is not an official EU Commission or Government resource. The europa.eu webpage concerning GDPR can be found <a href=https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en target=_blank>here</a>. Nothing found in this portal constitutes legal advice.</p></div></div><div class=footer-top><div class=row><div class=col-sm-3> <br><h5>Getting Started</h5><br><div class=menu-deep-footer-column-1-container><ul class=fmenu><li id=menu-item-9315 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9315"><a href=https://gdpr.eu/what-is-gdpr/ >What is GDPR?</a></li><li id=menu-item-9316 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9316"><a href=https://gdpr.eu/fines/ >What are the GDPR Fines?</a></li><li id=menu-item-9317 class="menu-item menu-item-type-post_type menu-item-object-page menu-item-9317"><a href=https://gdpr.eu/checklist/ >GDPR Compliance Checklist</a></li></ul></div></div><div class=col-sm-3> <br><h5>Templates</h5><br><div class=menu-deep-footer-column-2-container><ul class=fmenu><li id=menu-item-9318 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9318"><a href=https://gdpr.eu/data-processing-agreement/ >Data Processing Agreement</a></li><li id=menu-item-9319 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9319"><a href=https://gdpr.eu/right-to-erasure-request-form/ >Right to Erasure Request Form</a></li><li id=menu-item-9320 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9320"><a href=https://gdpr.eu/privacy-notice/ >Writing a GDPR-compliant privacy notice</a></li></ul></div></div><div class=col-sm-3> <br><h5>Technical Review</h5><br><div class=menu-deep-footer-column-3-container><ul class=fmenu><li id=menu-item-9321 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9321"><a href=https://gdpr.eu/data-protection-officer/ >Data Protection Office Guide</a></li><li id=menu-item-9322 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9322"><a href=https://gdpr.eu/email-encryption/ >GDPR and Email</a></li><li id=menu-item-9323 class="menu-item menu-item-type-post_type menu-item-object-post menu-item-9323"><a href=https://gdpr.eu/companies-outside-of-europe/ >Does GDPR apply outside of the EU</a></li></ul></div></div><div class=col-sm-3> <br><h5>About Us</h5><br><p>GDPR.eu is co-funded by the <a href=https://ec.europa.eu/programmes/horizon2020/en/ >Horizon 2020</a> Framework Programme of the European Union <strong>and operated by Proton AG</strong>.</p></div></div></div><div class=formz><p>&nbsp;</p><p><strong>GDPR Forms and Templates</strong></p><p> <a href=/data-processing-agreement/ ><i class="far fa-file-alt"></i> <strong>Data Processing Agreement</strong> <i class="fa fa-chevron-right"></i></a> <a href=/right-to-erasure-request-form/ ><i class="far fa-file-alt"></i> <strong>Right to Erasure Request Form</strong> <i class="fa fa-chevron-right"></i></a> <a href=/privacy-notice/ ><i class="far fa-file-alt"></i> <strong>Privacy Policy</strong> <i class="fa fa-chevron-right"></i></a></p></div><p>&nbsp;</p><p class=copyright>© 2025 Proton AG. All Rights Reserved.</p><p class=text-center> <br> <a href=https://gdpr.eu/terms-and-conditions/ >Terms and Conditions</a> &nbsp;&nbsp;&nbsp; <a href=https://gdpr.eu/privacy-policy/ >Privacy Policy</a></p></div></footer></div><div id=compliance_a style=display:none;> <a href=# class="close fa fa-times"></a> <img src=https://gdpr.eu/wp-content/themes/gdpr/images/gdpr_graphic.svg alt="GDPR Graphic"><p>GDPR compliance is easier with <strong>encrypted email</strong></p> <span><a target=_blank href="https://proton.me/business/gdpr?ref=gdpreu">Learn more <i class="fa fa-chevron-right"></i></a></span></div><style id=simple-share-buttons-adder-ssba-inline-css>.ssba { } .ssba img { width: 35px !important; padding: 6px; border: 0; box-shadow: none !important; display: inline !important; vertical-align: middle; box-sizing: unset; } #ssba-classic-2 .ssbp-text { display: none!important; } .ssba .fb-save { padding: 6px; } .ssbp-list li a {height: 25px!important; width: 25px!important; background-color: #0072ff!important; } .ssbp-list li a:hover {background-color: #0072ff!important; } .ssbp-list li a::before {line-height: 25px!important;; font-size: 16px;color: #fff!important;} .ssbp-list li a:hover::before {color: #fff!important;} .ssbp-list li { margin-left: 8px!important; } .ssba-share-text { font-size: 16px; font-weight: normal; font-family: inherit; } @font-face { font-family: 'ssbp'; src:url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.eot?xj3ol1'); src:url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.eot?#iefixxj3ol1') format('embedded-opentype'), url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.woff?xj3ol1') format('woff'), url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.ttf?xj3ol1') format('truetype'), url('https://gdpr.eu/wp-content/plugins/simple-share-buttons-adder/fonts/ssbp.svg?xj3ol1#ssbp') format('svg'); font-weight: normal; font-style: normal; /* Better Font Rendering =========== */ -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale; }</style> <script>var cnArgs = {"ajaxurl":"https:\/\/gdpr.eu\/wp-admin\/admin-ajax.php","hideEffect":"fade","onScroll":"no","onScrollOffset":"100","cookieName":"cookie_notice_accepted","cookieValue":"true","cookieTime":"2592000","cookiePath":"\/","cookieDomain":"","redirection":"1","cache":"1","refuse":"yes","revoke_cookies":"0","revoke_cookies_opt":"automatic","secure":"1"};</script> <script src="https://gdpr.eu/wp-content/cache/minify/6fdea.js"></script> <script>Main.boot( [] );</script> <script src=https://cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js></script> <div id=cookie-notice role=banner class="cn-bottom bootstrap" style="color: #fff; background-color: #000;" aria-label="Cookie Notice"><div class=cookie-notice-container><span id=cn-notice-text>We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.</span><a href=# id=cn-accept-cookie data-cookie-set=accept class="cn-set-cookie cn-button bootstrap button">Ok</a><a href=# id=cn-refuse-cookie data-cookie-set=refuse class="cn-set-cookie cn-button bootstrap button">No</a><a href=https://gdpr.eu/privacy-policy/ target=_blank id=cn-more-info class="cn-more-info cn-button bootstrap button">Privacy policy</a></div><div class=cookie-notice-revoke-container><a href=# class="cn-revoke-cookie cn-button bootstrap button">Revoke cookies</a></div></div> <script defer src=https://gdpr.eu/wp-content/cache/autoptimize/js/autoptimize_5dd90da4735596921829dacc461fe36f.js></script></body></html> <!-- Performance optimized by W3 Total Cache. Learn more: https://www.w3-edge.com/products/ Page Caching using disk: enhanced Minified using disk Database Caching 48/66 queries in 0.018 seconds using disk Served from: gdpr.eu @ 2025-02-18 21:51:13 by W3 Total Cache -->

Pages: 1 2 3 4 5 6 7 8 9 10