What you need to know about GDPR and remote working


The mass migration to remote working due to Covid-19 has created unexpected General Data Protection Regulation (GDPR) issues. Here is the latest information on regulation and what you need to be aware of.

The first week of May will see the two-year anniversary of GDPR, rules which ensure that organisations collect personal data legally, and under strict conditions. In addition, those who collect and manage data are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners.

During the Covid-19 crisis, the UK regulator, the Information Commissioner's Office (ICO), is relaxing its approach to GDPR enforcement, in line with its commitment to being “pragmatic” and “proportionate”.

The ICO will take into account the strain on frontline services and organisations facing staff shortages and financial pressures when applying data protection laws.

In April the ICO said, “We acknowledge our responsibility to take into account these exceptional circumstances. We set out the flexibility the law gives us to be a pragmatic and empathetic regulator. We confirm our efforts will be focused on the greatest threats. And we acknowledge the important role that people’s information rights will continue to have.”

In terms of practical advice for remote working, there's a risk that businesses don't instil a proper process for transferring files including personal data - either through a secure file transfer provider or at least ensuring staff are locking documents and sending passwords separately.

Additionally, with so many people working from home, it's about ensuring that secure internet connections are being used - not borrowing other people's or using open networks.

Businesses will be trying to do a lot of free marketing to pick up new clients in the current climate therefore it’s critical that businesses know their legal basis for processing data - i.e. have they got consent and can they prove it? If not, can they use legitimate interest? Importantly, they should pick one reason and have proof of it.

In the current lockdown it is unlikely that you will be travelling extensively for work but when restrictions are eased remember that lost and stolen mobile devices and laptops are easy pickings for cybercriminals. The first line of defence is to look after them - always keep them in sight when in use, and never leave them in a vehicle.

Aside from remote working, if your startup is building new technology, here the UK Information Commissioner gives a few areas of data usage focus. It is Covid-19 specific, but the advice transfers across to any new tech build and processing customer data.

Barclays (including its employees, Directors and agents) accepts no responsibility and shall have no liability in contract, tort or otherwise to any person in connection with this content or the use of or reliance on any information or data set out in this content unless it expressly agrees otherwise in writing. It does not constitute an offer to sell or buy any security, investment, financial product or service and does not constitute investment, professional, legal or tax advice, or a recommendation with respect to any securities or financial instruments.

The information, statements and opinions contained in this content are of a general nature only and do not take into account your individual circumstances including any laws, policies, procedures or practices you, or your employer or businesses may have or be subject to. Although the statements of fact on this page have been obtained from and are based upon sources that Barclays believes to be reliable, Barclays does not guarantee their accuracy or completeness.

Share this page

Go back to the top of the page