Before Covid-19, working from home was reserved for those who were unable to get into the office and staff in this position were set up securely with a company-issued laptop and access to a VPN. GDPR policies for working from home were drafted to demonstrate how data should be accessed as part of the company data protection framework.
But when lockdown was announced in March, many small businesses were unprepared and forced to act quickly to ensure staff could work remotely. Few small business owners considered the impact this could have on their GDPR obligations – as personal data was now being accessed outside the office environment, where few controls were in place and little specific data protection training had been offered. This massively increased the risk of data breaches across the operatio