Personal laptops

I’m a remote worker and use my personal laptop. My work refuses to provide me with a laptop. We don’t connect to a work VPN/server. We take card details over the phone and have access to customers’ personal details. I know there are things that need to be done regarding data protection and GDPR; is it my responsibility or my employer’s? When I asked my manager he said he’s not thought of it because he uses a work laptop.

Replies

  • 400ixl, Forumite
    So what are you connecting to from your personal device?

    If you are connecting to a web site and the connection is over HTTPS then that is encrypted traffic. From a GDPR point of view, as long as there are processes and policies in place that you have to follow then they should be covered.


  • Marcon, Forumite
    Hello_hb said:
    I’m a remote worker and use my personal laptop. My work refuses to provide me with a laptop. We don’t connect to a work VPN/server. We take card details over the phone and have access to customers’ personal details. I know there are things that need to be done regarding data protection and GDPR; is it my responsibility or my employer’s? When I asked my manager he said he’s not thought of it because he uses a work laptop.
    Ultimately it's your employer who is responsible for what its employees do. Have you seen your employer's policy on data protection/received any training? If not, now would be good...
    Googling on your question might have been both quicker and easier, if you're only after simple facts rather than opinions!  
  • elsien, Forumite
    So if you told them your laptop has died and you couldn’t afford to buy a new one, what would their response be?
    All shall be well, and all shall be well, and all manner of things shall be well.

    Pedant alert - it's could have, not could of.
  • DullGreyGuy, Forumite
    Hello_hb said:
    I’m a remote worker and use my personal laptop. My work refuses to provide me with a laptop. We don’t connect to a work VPN/server. We take card details over the phone and have access to customers’ personal details. I know there are things that need to be done regarding data protection and GDPR; is it my responsibility or my employer’s? When I asked my manager he said he’s not thought of it because he uses a work laptop.
    Ultimately, both... theirs is higher in terms of making sure employees have appropriate tools etc. but you also have a responsibility to follow the company rules.

    So how are you accessing the company systems for viewing customer details or taking payments if not VPN or VM? 

    In my day things in call centres were very lax compared to just before Covid. We didn't have to be stripped of equipment, we had notepads and call recording was continuous. We've done full circle to some degree given the ability to stop people having a pen or notepad to record payment details has gone out the window.
  • TBagpuss, Forumite
    It's primarily your employer's responsibility. Do they have a Data Protection Officer? If so, perhaps flag your concerns to them (in writing, and keep a copy).

    I would also check what your work's policies say (our IT policy allows us to access anything on a computer used for work. All machines belong to us, but we have a policy which permits a limited amount of personal use. There is a reminder of the policy which pops up when you log in, and we have secure, encrypted VPN for WFH).

    I would also be considering having issues with my personal machine and requesting that one is issued, although of course you might find that you are instead told you have to work in person from the office.
    All posts are my personal opinion, not formal advice. Always get proper, professional advice (particularly about anything legal!)
  • Plasticman, Forumite
    If you're taking payment card details then you absolutely should be using a work computer or your employer won't be compliant with the PCI DSS requirements. Their (financial) liability though rather than yours. 
    "If the American people ever allow private banks to control the issue of their currency, first by inflation, then by deflation, the banks and corporations that will grow up around [the banks] will deprive the people of all property until their children wake-up homeless on the continent their fathers conquered." -Thomas Jefferson 1802
  • DullGreyGuy, Forumite
    Plasticman said:
    If you're taking payment card details then you absolutely should be using a work computer or your employer won't be compliant with the PCI DSS requirements. Their (financial) liability though rather than yours.
    Would love a quote @plasticman, as with the likes of Citrix you are technically working on a VM on the employer's servers. I don't take payments but the DPO was fully comfortable that no matter where I was the data wasn't leaving the UK as the VM was in East London.
  • JReacher1, Forumite
    Plasticman said:
    If you're taking payment card details then you absolutely should be using a work computer or your employer won't be compliant with the PCI DSS requirements. Their (financial) liability though rather than yours.
    DullGreyGuy said:
    Would love a quote @plasticman, as with the likes of Citrix you are technically working on a VM on the employer's servers. I don't take payments but the DPO was fully comfortable that no matter where I was the data wasn't leaving the UK as the VM was in East London.

    Agree 100% with this. Whether it is your device or your employer's is irrelevant. Using Citrix or another VPN will meet all data requirements.
  • Plasticman, Forumite
    Plasticman said:
    If you're taking payment card details then you absolutely should be using a work computer or your employer won't be compliant with the PCI DSS requirements. Their (financial) liability though rather than yours.
    DullGreyGuy said:
    Would love a quote @plasticman, as with the likes of Citrix you are technically working on a VM on the employer's servers. I don't take payments but the DPO was fully comfortable that no matter where I was the data wasn't leaving the UK as the VM was in East London.

    Data protection legislation and PCI (card processing compliance) are very different things. I managed PCI compliance as part of my job several years ago and the computer used for processing was in scope for PCI compliance even if you were working on a VPN or via Citrix. Things might have changed since then of course, but the guidance here implies not:

    Protecting Payments While Working Remotely (pcisecuritystandards.org)

    Ultimately though this is a risk for the employer and for them to manage as part of their PCI compliance. In this situation you should be aware of what you can or can't do because your training and policies should make it clear. If you haven't had any training then that's a good sign that the employer doesn't take it seriously. 


  • DullGreyGuy, Forumite
    If you are talking about VM software like Citrix then the machine you are working on is the virtual machine on the employer's servers, not the device physically in front of the user.