You might have good justification for holding more detailed health information as part of your ordinary business (for example, if you’re providing healthcare services it’s vitally important) but don’t store information you don’t really need. That way, you can’t lose control of it!
Recording employment information
Your staff may be working different hours, they may be furloughed or on reduced shift patterns. Most of the information you hold will be important for your business - so you can manage payroll, keep in touch with staff and keep your business running.
This kind of information is likely to be standard HR management stuff - and so you should protect it accordingly. Like with all other routine employment information, only certain people should be able to see it: such as line managers, and the necessary HR professionals.
Adapting to new working patterns and behaviours after Covid-19
We covered working from home in a previous blog and video, but there are other ways in which your business may work differently to before:
- Filing personal data
We will see a reduction in “hot-desking” and use of shared working spaces. This might change the way people file away personal information they’re working on (such as paper copies). Have you set up secure places for them to use?
- Security measures and continued home working
Flexible and home working is likely to continue - so those temporary IT security measures you put in place may become more permanent. Make sure you review the measures you have in place to check they’re still fit for long-term operation. For example: if some staff have been logging on with their personal home computers, is now the time to issue them with work computers that can be part of your secure system? Find out more about protecting personal data you’re your team is working from home.
- Cover for data protection activities
Your team’s availability could still be variable, depending on how immunity plays out. Can you take steps to ensure that you have extra cover for key data processing activities? Maybe you don’t need a “Deputy Data Protection Officer” but getting someone else to cover some of the data protection tasks would be a useful back-up.
- Back-ups in case the worst happens
And speaking of back-ups...how are yours?! Make sure you’re backing up information securely in case the worst happens. Authorities have already seen an increase in cybercrime and ransomware that damages data and demands a payment. If you’ve got a recent back-up you can better protect yourself from this kind of threat.
About Astrid
Astrid is a secure online platform that makes data protection compliance simple. Developed with small businesses in mind, we provide you all the tools and guidance you need to become and remain compliant with data protection legislation. Find out more about
our services.
Subscribe now to get your small business compliant and safeguard your reputation, your finances and your business. With prices starting from £225 a year, it’s a small price to pay to protect yourself from potential prosecution and penalty fees.