As the COVID-19 pandemic continues, home working is now widespread in the UK. This poses a great risk as personal data that would usually be confined to business premises is now being accessed in the home of employees. Most businesses will have a Data Protection Policy in place, but does yours factor in such extraordinary conditions?
Data protection compliance is essential
As well as having practices and documents in place, it is important that your staff understand the principles of GDPR. Helping to ensure the data you hold is safe within your organisation.
The Data Protection Policy for Home Working is an extension of the usual policy, and is a very detailed document. Under normal circumstances, the handling of personal data by staff working from home is not desirable. However, data protection compliance must adapt to the current situation.
Data Protection Policy for Home Working
This Policy template includes considerable detail from the GDPR in order to assist in the learning and awareness process throughout your business.
It also sets out a range of measures to be followed designed to secure and protect personal data, as well as to improve your business’s compliance with the law. Please note that this document is designed for business use only, and certain provisions of the law relating to public authorities and other official bodies have not been fully incorporated.
Here is the full list of sections which your policy should include:
4. The Data Protection Principles
5. The Rights of Data Subjects
6. Lawful, Fair, and Transparent Data Processing
8. Specified, Explicit, and Legitimate Purposes
9. Adequate, Relevant, and Limited Data Processing
10. Accuracy of Data and Keeping Data Up-to-Date
11. Data Retention
12. Secure Processing
13. Accountability and Record-Keeping
14. Data Protection Impact Assessments and Privacy by Design
15. Keeping Data Subjects Informed
16. Data Subject Access
17. Rectification of Personal Data
18. Erasure of Personal Data
19. Restriction of Personal Data Processing
20. Data Portability
21. Objections to Personal Data Processing
22. Automated Processing, Automated Decision-Making, and Profiling
23. Direct Marketing
24. Personal Data Collected, Held, and Processed
25. Data Security – Transferring Personal Data and Communications
26. Data Security – Storage
27. Data Security – Disposal
28. Data Security – Use of Personal Data
29. Data Security – IT Security
30. Organisational Measures
31. Transferring Personal Data to a Country Outside the EEA
32. Data Breach Notification
33. Implementation of Policy
If you would like any help with putting together a Data Protection Policy for Home Working please feel free to contact our team today.