Man walking through a busy open plan office

The General Data Protection Regulation (GDPR) represents a major shift in the way organisations are allowed to process personal data and there has been a huge amount of press on the burden on small businesses to comply with the Regulation.  In this article we look at the implications for businesses using flexible shared office spaces, an issue which has received very little press until now.

In recent years a number of shared office spaces have sprung up all over the country – offering affordable office spaces for businesses who need a place to work and somewhere to meet clients.  Shared office spaces are particular popular with start-up businesses due to their flexible nature and low overheads but they are also now increasingly used by large companies looking for a base in a particular location without the large overheads of having their own office.  The increase in remote work and home workers is also increasing demand for these solutions.

Whilst the benefits of these facilities are huge it does raise some difficult issues regarding data protection and confidentiality.

Often these shared offices will have separate offices available for those who need privacy but this usually comes at a premium – the majority of spaces available in these units will be a desk in shared office with a number of other businesses.  Essentially the set up is similar to an internet café where people bring their own laptops but with the advantage of having a guaranteed spot when you need it.

Businesses will often use their shared office space to take phone calls and carry out other office based work – the model works well for those who are not in the office all day and just need a base and an address to put on their business cards and website.  However it is important to remember the importance of confidentiality and data protection when using a communal office space – have you ever thought about whether other office users can overhear the names of your clients and other personal data or whether someone could be looking over your shoulder while you work on that client proposal?

Often businesses are on short term arrangements to rent the office space and it is this flexibility that appeals to many businesses but this does mean you will have businesses moving in and out all the time and you need to be mindful of this – do you really know who you are sitting next to?

With the coming into force GDPR and fines of up to 20 million euros or 4% of global turnover (whichever is higher) for breaches of the regulation you need to take steps to ensure the security of personal data.  Also do not forget confidentiality – if you are on the phone talking about your new invention you never know who may be listening – public disclosure will invalidate any patent claim and it is unlikely all those around you will have signed a confidentiality agreement.  You also don’t want to go in one day and discover the business next to you has decided to branch out and is cashing in on your new idea!

The availability of flexible office space is great for start-up business, encouraging innovation and collaboration but it is worth bearing in mind the following golden rules:

  1. Always think about who might be overhearing your conversations and if you will be discussing personal data (even if just an identifiable name, email address or phone number) or confidential information regarding your ideas or inventions consider making or receiving the call in a more private space. Essentially you should treat your shared office space the same as you would a coffee shop or other public space as not only will you have your neighbours around they may also have their own clients popping in and out throughout the day for meetings
  2. When choosing office space ask about what security they have in place – both physical security of the building and also any Wi-Fi connection you will need to use
  3. If you will also be using shared secretary or support services ensure your provider has an adequate data protection policy in place and all staff are bound to keep information about your business confidential
  4. Invest in a privacy screen for your computer screen
  5. Adopt a clear desk policy when you are not at your desk and at the end of every day – this is particularly important in a communal space
  6. Ensure any paperwork is kept in a secure cabinet
  7. Consider whether using a NDA with data protection provisions is necessary if other protections are not in place

Those providing flexible office spaces should be aware of their clients concerns around data protection and security and should work with their users to help them with their GDPR compliance as well as having their own robust polices and procedures in place.

The demand for flexible office space across the UK’s regional cities at least doubled last year and it is likely the industry will continue to grow.  GDPR marks a major change in the approach to data protection and it is important the flexible office space industry and its users do not ignore it.