28th January is Data Protection Day, an annual event launched by the Council of Europe in 2006 to mark the date the Council of Europe’s data protection convention was opened for signature.
Over the last 12 months, we have all seen changes to our working lives that we could not have envisaged. For most office-based roles in the UK, this has meant working from home, which brings with it a whole list of challenges, not least GDPR and data protection.
A new study highlights homeworkers may be breaking GDPR confidentiality laws
A study recently published by Go Shred, a confidential and records management company, has brought to light the number of items UK home workers are printing off.
A staggering 66% of home workers interviewed admitted to printing off work-related documents.
As you can imagine, these are a mix of items, but worryingly, in this mix were items with confidential information, including payroll.
20% of home workers who have printed documents at home printed confidential employee information, including payroll, addresses, and medical information.
Data security strategy needs to cover all eventualities
In March 2020, when the first lockdown resulted in the UK workforce having to work from home if possible, Dataplan were able to mobilise all our teams quickly and securely due to our Data Security protocols and approach.
- All staff were sent home with IT equipment and systems that mirrored their office working environment
- We already operated with a secure virtual desktop so our staff could work anywhere
- By providing 2 screens we ensured staff were able to view information on one screen and work on the other
- We had already removed the need for personal or sensitive data to be transmitted via email, through our client portals and help ticketing system
- Our ISO 27001 accreditation means we work to a robust data security framework
In fact, the lockdown actually accelerated some of our Digital Transformation agenda, including:
- The outsourcing of our printed payslips to a secure print management company
- Moving clients onto our ePayslip platform
- Moving our P60 production to digital
We have also started working towards ISO 27701, which is a privacy extension to ISO 27001. ISO 27701 has been specifically developed to define the measures an organisation should take to be GDPR compliant. Before this, there was no accreditation to state an organisation has the correct processes, and this compliance was open to interpretation.
With the new ISO 27701 standard, there will, at last, be an independent accreditation for personal information management and Dataplan aim to be at the vanguard of this new standard.
Is your current payroll provision watertight?
This recent survey has highlighted the potential danger of staff working from home and outside of the data security protocols they may have in their office. This applies to in-house teams, but also your suppliers.
Do you know what data security protocols your payroll outsourcer is using for their processing teams when working from home?
With the personal and sensitive data involved in payroll, this is something that could be a substantial risk for organisations, whether they process payroll in-house or outsource. A risk they may not have even been aware of.