Briefing: Hybrid working - who can access what data?
It’s been almost two years since the pandemic forced the workforce out of the office and into, for some, a make-do set up at home. Who knew then that this would turn into a more permanent arrangement, with employees finding they enjoy the flexibility of working from home and employers finding they no longer need to pay out for a permanent office.
Hybrid working is now proving effective for many, but one of the key issues that cropped up as employers learnt to manage this way of working, was that of data protection and the immediate need to control who had access to what. This is an ongoing issue and, in line with Data Protection Day (28 January), this briefing takes a look at protecting personal data in a hybrid working model.
One of the key issues to manage is how your data is being used when your workforce could potentially be using different networks or devices. Data protection compliance specialist The Compliance Space highlights some key principles to remember when it comes to de-risking remote working.
Avoid a blanket ‘access to everything’ approach
There is a need to balance the requirement to work remotely with appropriate data access and security. This will require regular review in light of a more permanent switch to hybrid working, but will be time well spent to avoid a potentially damaging data breach.
Discourage local storage of data
Using approved online systems and educating employees on the benefits of having central access is vital. In the immediate aftermath of the pandemic, organisations may not have had the resources to ensure everyone was adhering to best practice, but they cannot afford to let this go unchecked indefinitely.
Regularly review security standards
It is still imperative to have minimum security standards for remote devices, such as disk encryption, strong passwords and VPN for internet connections and privacy screens.
Making sure employees keep compliance issues in mind when they are working from home is a challenge. Consider the following recommendations:
Make the permanent move to a digital data storage system
One of the main opportunities that has arisen from the increased use of digital solutions is that it can really reduce the perceived need for paper-based systems. This change in habit is crucial to increasing both efficiency and security for organisations. Having a common digital platform for people to interact on and with can really help drive engagement on compliance-based activities.
Use ‘extra’ time to train
With people spending less time commuting or travelling, there is potentially more time to dedicate to compliance-based activities. Ensure there is a regular programme of best practice training in place to embed a positive data culture within the business. Digital tools mean that you can be more flexible and aware of people’s individual circumstances by arranging virtual training sessions or updates that are easy for people to attend.
Be visible
Even if that is not physically possible, the DPO, or person responsible for data protection, still needs to be the ‘go to’ person for help and support and regular communication will continue to be crucial. In addition to training, think of other ways to ensure data management is front of mind, perhaps using other internal communications channels such as e-newsletters or the intranet.
Read The Compliance Space's full article and download its data protection guide here.
related content
