Is it a coincidence that X-mas and GDPR both have four letters in them? We think not; and so here is a festive update on GDPR. This is our present to you; you’re welcome.
So why GDPR at Christmas? Well, during the holiday period there is an influx of holidays and sick days being taken. Following a recent survey by Insurance2go, a startling 61% of those Brits surveyed said that they use their personal devices to conduct work either on their commute, when they get home, during holidays, weekends and/or sickness absence. So what’s the problem? Well, as we will all be aware, one of the key principles behind GDPR is that organisations must keep personal data secure. Allowing employees to access such data on their personal devices increases the risks to that data because the organisation cannot control and monitor the device in the same way it could with a business-issued phone.
According to the survey, women are more likely than men to check their phones outside of work with 29% of those surveyed claiming that they checked their phones for work-related matters when they were ill or on holiday.
But it’s not all bad, right? People know that they need to keep personal data secure, don’t they? The Insurance2go survey suggests that 46% of people surveyed were NOT aware of the GDPR rules affecting their work on personal devices.
This means that there is a serious risk employees may breach GDPR by failing to protect the information as securely as their employer does. In most cases, employers will be liable for their employees’ misuse of personal data.
The statistics demonstrate that more needs to be done with employees to raise awareness of the requirements and principles of the GDPR. This could be done through policies, workshops and/or handouts.
By raising awareness you can help your organisation avoid the fines being handed out by the ICO for data protection failures. For example, Uber was recently fined £385,000 in relation to its data security failures. The level of the fine was exacerbated by the number of people that the security flaws affected, some 2.7 million.
It is now an established part of life that people work longer and more often than ever before. This includes, as the Insurance2go survey finds, when employees should be on holiday or when they are ill.
In 2016 France introduced a law that meant workers have the legal right to avoid checking their work emails out of hours. This was an attempt to restore some work-life balance. Is this something that we should introduce in England? According to the Insurance2go survey, 65% of Brits think we should.
Unless and until the UK goes down this route, employers who permit employees to access personal data for which the organisation is responsible on their personal devices need to carry out an assessment of the pros and cons of this. Those who do allow this must have in place appropriate measures to safeguard not just personal data, but also confidential and commercially sensitive information. Implementing a bring your own device to work (BYOD) policy may be a good starting point.
All-in-all this wasn’t a bad present for Christmas, don’t you think? It’s certainly better than a pair of socks!