Firms encouraged to remind staff working from home of GDPR policies

The law firm added that businesses who look to introduce new systems to monitor attendance and productivity during the Covid-19 pandemic should consider the “onerous requirements under GDPR” that “will require data protection assessments to be carried out”.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

DLA Piper said as well as technical and IT security issues, there are a range of practical considerations that employers need to be mindful of in order to maintain standards of data protection and confidentiality.

Employees living in shared accommodation who participate in conference calls should be provided with headsets to ensure that sensitive information is not overheard by housemates, as well as laptop privacy filters, it said.

Shredders or filing cabinets should be provided to remote workers routinely accessing high risk categories of data, it added.

Using personal mobile numbers and messaging apps “bring their own challenges in terms of whether staff have appropriate security on personal devices”, DLA Piper said.

Head of employment for Ireland, Ciara McLoughlin said: “The means by which we communicate and connect during this time must be carefully considered. Most remote workers are operating outside of their usual environment, so simple mistakes with bigger consequences can be made because employers have not had the foresight to have appropriate information security and confidentiality policies in place.

“Some employers are also dealing with confirmed cases of staff with Covid-19 and may breach those employee’s privacy after doing what they thought was the right thing and telling their colleagues. Rather than making decisions like this on the fly, it is vital that organisations assess potential weak points and how they would manage scenarios like a colleague testing positive.”