Most of DPA stated that the pandemic outbreak does not derogate to normal rules on data protection, yet the emergency requires to balance and mitigate risks. So, in order to perform a Data Protection Impact Assessment, you will need to follow the usual procedure in order to estimate risks.Some of the risks arising from homeworking relate to:• unauthorized access (i.e. family members of the workers),• data breaches because of accidental loss of data,• insufficient security measures (due to the use of workers’ personal devices).
In order to mitigate risks, you can have a look at our template on teleworking and Bring Your Own Device Policy in order to establish a policy for homeworkers that suits to your needs. Remember to consider DPA guidelines and additional internal rules (i.e. on workers' surveillance).