Data protection

​Data Protection And Working From Home


In these difficult times, remote working is the recommendation for Cardiff Met Staff. However it presents both significant benefits but also potential risks. Whilst staff may have remote access to information held on secure campus servers, this is without some of the physical protections available on site and the protections provided afforded to the network by our firewalls and access controls. There is also a much greater risk of unauthorised access to, and loss or destruction of, data whilst working in this way.


What should I do when I am working from home?

If you took a work computer home with you, try to limit access to this computer for non-Cardiff Met staff. Please try to avoid other householders, including your children, using your work computer.

When working from home you must ensure that that your computer is properly protected with the latest anti-virus and anti-malware software installed. Do not write down your Username and Password. Do not give your details to anyone else, including your family.

Do not to leave the screen on when you are no longer using the computer as this could allow sensitive data to be seen by others.

When you have finished working make sure that you fully close down all applications that you have been using, especially any secure connections that you might have previously established.

You will have been given access to Cardiff Mets online office resources, including Outlook and your OneDrive file storage. These should be used whenever appropriate to your work. Do not store files on your local computer, or any removable storage.

Please refer to the online flash guides to remote working for further advice and guidance on working away from the Campus.


Does the General Data Protection Regulation (GDPR) apply if I am working from home?

Yes, if you are processing any identifiable personal data of any living individual as part of your duties then this must be done is accordance with GDPR. This includes paper-based data.


Where should I work from when I am working from home?

You should ensure that you maintain a similar level of privacy whilst working from home to that which you would when working in your own work space. You should ensure that any confidential information on your screen is not visible to anyone else, where possible.


I need to send a file which contains personal data to another member of staff, what should I do?

Rather than sending the data file it would be better to use an application such as Microsoft OneDrive to provide access to the file in-situ. If you cannot do this, do not send the data file to a personal email address as this would be considered a data breach and ensure that the file is encrypted before it is sent.


What should I do if I receive an email that includes an attachment which includes Personal Data?

Before opening any file you must be certain that it has been sent from a genuine source. If you need to store any files, these should be stored on your OneDrive account.


I suspect a Data Breach has occurred whilst I have been working from home, what should I do?

If you suspect a data breach has occurred whilst you are working from home you should report the suspected data breach to Cardiff Mets Data Protection Officer . The suspected data breach will then be investigated and you will be contacted again during the investigation for further information.