We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Personal laptops

Hello_hb
Posts: 14 Forumite

I’m a remote worker and use my personal laptop. My work refuses to provide me with a laptop. We don’t connect to a work vpn /server. We take card details over the phone and have access to customers personal details. I know there is things that need to be done regarding data protection and gdpr, is it my responsibility or my employers ? When I asked my manager he said he’s not thought of it because he uses a work laptop.
0
Comments
-
So what are you connecting to from your personal device?
If you are connecting to a web site and the connection is over an HTTPS then that is encrypted traffic. From a GDPR point of view as long as there are processes and policies in place that you have to follow then they should be covered.
0 -
Hello_hb said:I’m a remote worker and use my personal laptop. My work refuses to provide me with a laptop. We don’t connect to a work vpn /server. We take card details over the phone and have access to customers personal details. I know there is things that need to be done regarding data protection and gdpr, is it my responsibility or my employers ? When I asked my manager he said he’s not thought of it because he uses a work laptop.Googling on your question might have been both quicker and easier, if you're only after simple facts rather than opinions!1
-
So if you told them your laptop has died and you couldn’t afford to buy a new one, what would their response be?All shall be well, and all shall be well, and all manner of things shall be well.
Pedant alert - it's could have, not could of.4 -
Hello_hb said:I’m a remote worker and use my personal laptop. My work refuses to provide me with a laptop. We don’t connect to a work vpn /server. We take card details over the phone and have access to customers personal details. I know there is things that need to be done regarding data protection and gdpr, is it my responsibility or my employers ? When I asked my manager he said he’s not thought of it because he uses a work laptop.
So how are you accessing the company systems for viewing customer details or taking payments if not VPN or VM?
In my day things in call centres were very lax compared to just before covid. We didn't have to be stripped of equipment, we had notepads and call recording was continuous. We've done full circle to some degree given the ability to stop people having a pen or notepad to record payment details has gone out the window0 -
It's primarily your employers respnsbility. Do they have a Data Protection officer? If so, perhaps flag your conerns to them (in writing and keep a copy )
I would also check what your work's policies say - ( our IT policy allows us to access anything on a computer used for work (All machines belong to us, but we have a policy which permits a limtied amount of personal use . There is a reminder of the policy which pops up when you log in, and we have secure, encrypted VPN for WFH)
i wpuldalso be considering having issues with my perosonal machine and reuqesting that one is issued, although of course you mightfinfd that you are instead told you have to work in person from the office.All posts are my personal opinion, not formal advice Always get proper, professional advice (particularly about anything legal!)0 -
If you're taking payment card details then you absolutely should be using a work computer or your employer won't be compliant with the PCI DSS requirements. Their (financial) liability though rather than yours.0
-
Plasticman said:If you're taking payment card details then you absolutely should be using a work computer or your employer won't be compliant with the PCI DSS requirements. Their (financial) liability though rather than yours.2
-
DullGreyGuy said:Plasticman said:If you're taking payment card details then you absolutely should be using a work computer or your employer won't be compliant with the PCI DSS requirements. Their (financial) liability though rather than yours.0
-
DullGreyGuy said:Plasticman said:If you're taking payment card details then you absolutely should be using a work computer or your employer won't be compliant with the PCI DSS requirements. Their (financial) liability though rather than yours.
Data protection legislation and PCI (card processing compliance) are very different things. I managed PCI compliance as part of my job several years ago and and the computer used for processing was in scope for PCI compliance even if you were working on a VPN or via Citrix. Things might have changed since then of course but the guidance here implies not:
Protecting Payments While Working Remotely (pcisecuritystandards.org)
Ultimately though this is a risk for the employer and for them to manage as part of their PCI compliance. In this situation you should be aware of what you can or can't do because your training and policies should make it clear. If you haven't had any training then that's a good sign that the employer doesn't take it seriously.
0 -
If you are talking about VM software like Citrix then the machine you are working on is the virtual machine on the employers servers not the device physically in front of the user.0
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 350.1K Banking & Borrowing
- 252.8K Reduce Debt & Boost Income
- 453.1K Spending & Discounts
- 243.1K Work, Benefits & Business
- 597.4K Mortgages, Homes & Bills
- 176.5K Life & Family
- 256K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards