Now that Covid-19 has now been declared a global pandemic, our preparedness for homeworking is being tested.
Organisations where agile working is the norm, will already have adopted systems and equipment to maintain business operations and manage the risks of working “beyond the perimeter”. Others will not.
Although it may be unplanned, now is the time to look at how you enable your distributed staff to collaborate. Doing this now will pay dividends in the future, long after the current threat of Covid-19 has gone away.
Right now, in the midst of Covid-19, GDPR may not feature strongly (or at all) on your list of considerations. But there are 2 big reasons why it should. First, protecting personal data will remain your statutory obligation under GDPR, regardless of whether it is being processed onsite or from your employee’s homes and their personal devices. (Remember, under GDPR, you have a statutory obligation to take appropriate technical and organisational measures to protect personal data.) Second, new data security risks are likely to emerge as attackers exploit the Covid-19 crisis to launch new phishing attacks and identify vulnerabilities in your security measures.
If you are reliant on your staff using their own personal devices to work from, it is critical to deploy Bring-Your-Own-Device (BYOD) measures.
Bring-Your-Own-Device (BYOD) is the use of employee-owned devices to access the employer’s network or content
BYOD comes in many guises. For example, staff accessing their email from their personal smartphone or working from a home PC or personal laptop. However, if you plan to rely on BYOD, it needs to be GDPR-compliant.
The first thing to understand is that BYOD will increase security risks and the likelihood of a data breach occurring. The reason for this is that although your organisation remains the Controller of any personal data being processed, it does not legally own the device upon which it is being processed. You will become reliant on your staff properly securing their device, recognising GDPR risks and how to mitigate those risks.
Here at Stone King, we embraced agile working some time ago so its “business-as-usual” in spite of Covid-19. All of our lawyers and critical support staff regularly work remotely / home-work from secure laptops that access the firm’s network via a secure Virtual Private Network (VPN). This way of working is not only popular with staff, it also provides critical business resilience to the provision of services, allowing us to continue to support our clients in spite of Covid-19.
Here are our 10 top tips for adopting BYOD from ground-zero:
Stone King’s specialist Information Law Group provides novel and responsive solutions to all types of business. It is led by a core of lawyers that have specialist qualifications and long-standing expertise.
Partner, Head of Information Law