Each day, around 2.5 quintillion bytes of data are generated around the globe.
This includes all of the information that’s created, collected and stored by businesses who use digital tools to manage their workers.
It allows them to benefit from faster and more streamlined work processes but it also creates the challenge of making sure that any data managed is safe, secure and compliant.
A recent survey of UK companies found that almost two-thirds (62%) identified data security as the hardest part of managing a growing mobile workforce.
So what makes it so difficult and what can you do to safeguard your business from the potential pitfalls of data breaches?
In this blog, we'll outline:
- What does the law say about mobile workforce data?
- What are the potential punishments if you breach UK GDPR?
- How best to manage mobile workforce data
What does the law say about mobile workforce data?
For UK based companies, the rules that set out how information must be managed are covered by the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR).
The UK GDPR legislation went live on January 1st, 2021 and, with a few minor variations, matches the corresponding European Union laws. The UK regulations are policed by the Information Commissioner’s Office (IPO).
The laws are designed to be broad brush-stroke, to provide businesses with general guidelines rather than intricate rules covering every situation. This places the onus on an employer to apply and interpret these rules for their business.
The main focus is on Personally Identifiable Information (PII). This is any data that can be linked to an individual such as an email address, phone or social security number.
It also covers data that may not include an identifier but could be used to connect to a person, such as photos, location data and browsing histories.
Some of the general principles are to make sure data is:
- Fair, lawful and transparent
- Used for a specific purpose
- Up-to-date, accurate and relevant
- Kept for no longer than is necessary
- Handled and stored securely
Employees should consent to provide any personal data and they have a right to request any information that a business holds on them.
What are the potential punishments if you breach UK GDPR?
The UK legislation allows maximum fines of up to £17.5 million or 4% of a companies global turnover - whichever is greater.
How best to manage mobile workforce data
For many businesses, the need to manage data security is a relatively new challenge. So the first step is to simply understand the responsibilities of an employer and the requirements for compliant working processes.
Here are some ways to manage mobile workforce data:
- Carry out an audit
- Create a data policy
- Review device management
- Centralise data management
1. Carry out an audit
An information audit is a great place to start when looking to take control of your information responsibilities. This can be done internally or by bringing in an external company to review your operations.
The purpose of an audit is to identify:
- What information do you store, process and collect?
- What is the justification for collecting the data?
- How much of the information is PII?
- How and where is the data stored?
- Who has access to the various types of data?
- How accurate, relevant and up-to-date is data?
An audit of this kind is a great way to start untangling the muddle that can be caused when legacy information is stored at a variety of locations and in a range of physical and digital formats.
2. Create a data policy
Data protection and security is no longer something that should be left to an IT department to handle, it has to be managed across a mobile workforce business. To do this effectively, you need to have a policy in place that sets out how information is to be compliantly collected, processed and secured.
The two main purposes of a data policy are to provide:
- Clear guidelines: A data policy should outline in simple terms how the information within your business should be handled: what, how and why data is collected.
- Consent agreement: A policy allows workers to make an informed decision when being asked to give their consent for personal data to be collected.
Once a policy has been created, a process must be created to ensure that all workers are informed and provided with any additional help or training that they may require.
Policies should be regularly reviewed and updated to ensure they are effective and cover any relevant changes to data protection legislation.
3. Review device management
A mobile phone or handheld device has become the most important tool for a mobile worker. It provides a fast and simple way for them to receive and collect all the information needed to do their job.
But with this comes the task of making sure that remote data across a workforce remains secure. It’s for this reason that many companies opt to provide workers with mobile devices rather than a BYOD (Bring Your Own Device) approach.
By supplying the devices, an employer can maintain much greater control over their business data. It allows them to control what’s loaded onto the devices and provides ways for phones to be wiped if a device is lost or stolen.
Similar protections can also be applied to personal devices with Mobile Device Management (MDM) tools but security is harder to maintain when there’s less control.
4. Centralise data management
The basic requirement for data security is effective data management. You need to keep track of exactly what information you have, to ensure its accuracy and to maintain easy access to it.
A simple test is how easy is it for your business to deal with a personal data request - to collate all of the info you hold on a worker.
The most effective way to manage data is with digital processes and a centralised system. A cloud-based digital workforce management system helps to pull together all of the data you have across a mobile team.
A system such as MyMobileWorkers can integrate data policy checks and notifications into the workflow. Reporting tools allow all of the information to be accessed within seconds.