How does GDPR affect home workers?

Whether at home or in the office, employees continually access data, This always carries a risk. However, remote workers may be using public networks to access data and may move their devices into public spaces, increasing the risk of that device being forgotten on public transport or left somewhere public. When working remotely it can be more difficult to track a data breach and to identify how that breach has occurred.  

The GDPR increases fines for any data breach, while also giving individuals more rights with personal data. Many companies have put in place workplace policies that allow employers to track employees’ use of devices and their location. However, employees often use devices to access both work and their personal life and that makes separating work and personal activitydifficult. Without that degree of separation, the use of keystroke tracking technology could infringe the employees’ rights under GDPR, as such processing could be deemed as excessive and potentially disproportionate.

Article 32 of the GDPR requires that all organisations use technological and security measures, and while there are noprescriptive methods, there is a list of items that are considered suitable, e.g. encryption of data. Data encryption means that only approved users can access a data set, meaning that if a laptop were lost, the data would not be accessible without the encryption keys/code.  Blocking access to personal email, on the grounds that personal email is unlikely to carry the correct technical and security measures may also be a necessary intervention on work devices, for home workers.