Subject access requests: pupil information
Under the Data Protection Act 2018 (DPA) individuals (such as pupils) have the right to obtain a copy of their personal data.Read more
During the coronavirus pandemic, many businesses have had to rely on IT solutions to enable them to move to remote working and many will not be moving back to full-time office-based working soon or, perhaps, ever.
Despite this being an unprecedented situation, the legal obligations of a business have not changed, and this includes the obligation to comply with data protection law.
The Data Protection Act 2018 (DPA) requires those processing personal data to implement appropriate technical and organisational measures to ensure the appropriate security of that data. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
To ensure compliance, businesses that are operating a remote working model should be thinking carefully about the measures they have implemented for staff, to ensure the security of personal data.
A good way to determine what potential vulnerabilities the business faces would be to conduct a risk assessment.
Below is a non-exhaustive list of checks to perform now to determine whether your IT system/practices are vulnerable to risks that could put you in breach of the DPA:
It is important that you comply with the DPA at all times, not just when your staff are working in the office. As remote working will inevitably increase the risk of a data breach, you should:
Please note, the information included in this update is correct at the date of publishing.
Should you require any further information on complying with the DPA, or updating your existing policies and procedures to ensure they provide suitable guidance for remote working, please call us on 01332 226 130 or complete the form below.
Scroll to next section
Scroll back to the top