The benefits of a clear desk policy
A clear desk policy can play a valuable role in ensuring compliant security practices in the workplace, as well as creating a more efficient and environmentally-friendly working environment.
In practice, clear desk policies are not the most straightforward to implement. It can be challenging to monitor compliance, and some employees may find it hard to change their habits. However, with a well-considered policy and implementation plan, you can create a more productive and secure workplace.
What is a clear desk policy?
Clean desk policies are used by many businesses primarily to reduce the risk of data and security breaches. The policy provides guidance and rules about how employees’ desks and devices should be left at the end of the day, to avoid unauthorised access to sensitive or confidential information.
Put simply, a clean desk policy requires all personnel to remove any paper or other objects containing sensitive information from their desk at the end of the day to then be fully disposed of, shredded, or stored securely. Other objects that must not be left on a desk include phones, CDs, USB sticks, memory cards, or anything else that could contain sensitive or confidential information.
Clear desk policies are generally also used in conjunction with ‘clear screen’ policies, which require employees to lock their screens every time they are away from their desks. This again is to prevent unauthorised access, whether by other employees or third parties.
Why organisations should have a clear desk policy
To ensure compliance under the GDPR (General Data Protection Regulations), an organisation that handles any form of sensitive data would benefit from a clean desk policy. GDPR requires that organisations handle not only digital data with great care to ensure confidentiality, but physical data too.
In addition to cybersecurity measures and safeguarding digital data, organisations must also ensure that physical copies and documents are handled, stored, used and destroyed as required under the regulations.
If an organisation fails to comply with GDPR, they risk substantial fines — up to 4% of the annual turnover.
A clean desk policy can also improve efficiency at work since employees are not wasting time printing off, sorting and looking for physical documents. Plus, research shows that people who work in organised work spaces feel less stressed.
On top of this, a clean desk policy helps with the cleanliness and tidiness of your office in general, which helps create a good impression if you have clients in your office attending meetings.
What to include in a clear desk policy
Ensure all devices and objects that could access sensitive data are stored away
It’s not only copies of documents that need to be stored away — mobile phones, post-its, USB sticks, business cards, CDs, DVDs, and keys to storage drawers or rooms should also be hidden.
Make sure employees lock their screens when not at their desk
Most clean desk policies also include a ‘clear screen’ policy that requires all employees to lock their screens when they are not at their desks. This ensures that no one can access any sensitive information on a screen when the employee is not at their desk.
Implement the same rules for printing facilities
You should make sure your printing facilities have a “locked printing” ability. Many office printers can be enabled by a keycard to ensure that only the person who requested the printing can access the documents. On top of this, you should ensure that all documents left in the printer are properly removed at the end of the day.
Prohibit writing down passwords
Some workers have a bad habit of scribbling passwords on post-it notes all over their desks. It’s a good idea to introduce the use of a password manager when you introduce your clean desk policy to avoid passwords being lost and ending up in the wrong hands.
Enforce the same rules across all levels
Many policies fail because they are not embraced at all levels, especially by senior staff members, who may feel like they are an exception to the rules. However, this is one of the key reasons that policies like these fail.
People tend to work by example, so if junior employees see managers following the policy, it’s much more likely to catch on and have a positive effect on your business. If staff members see senior employees ignoring the rules, they’re likely to do the same.
Ensure compliance by making employees aware of the consequences
Normally, team managers or office managers are tasked with ensuring that staff members are compliant with following the clean desk policy. If the policy isn’t followed, you should try to enforce some form of penalty.
The consequences shouldn’t be anything too serious, but continuous non-compliance should be punished with a disciplinary warning. The fines that could be incurred if a security breach were to occur could be huge, so your clean desk policy has to be taken seriously.
How to implement a clean desk policy
Clearly define the specifics of the policy
Make sure you spend enough time to come up with the full specifics of the policy. You should include all the important points from the start since adding additional rules retrospectively will cause complications, and the policy is less likely to be followed.
Write up your policy
The next step is to write up your policy. Make sure the rules are clear and can be easily accessed by all employees. You should send a copy of the policy to all employees and make it readily available to everyone on the company’s intranet. Plus, you can also place physical copies around the office in communal areas to ensure everyone is aware of them.
Conduct training on the clean desk policy
As well as sending a copy of the policy to all employees, it’s also a good idea to conduct a short training session on the clean desk policy to help spread awareness and ensure employees are compliant. It’s important that staff members know why the policy is required. You should focus on the security and environmental benefits to help people understand the importance of the policy.
It can also be useful to send your employees a “clean desk checklist” that they can refer to every day. This means they can check on what is permitted within the clean desk policy and what is not. This ensures people aren’t wasting time getting rid of things that don’t need to be removed from their desks and don’t leave anything that could be a risk.
Provide secure disposal and storage solutions
Employee desks should have locked drawers where staff members can store away important documents if a physical version is required. However, if the document does not need to be kept, you should make sure employees dispose of it as soon as possible in an appropriate manner. Many organisations provide confidential waste bins for confidential information to be taken care of appropriately. They could also be shredded.
It’s extremely important that employees do not throw important documents in regular waste bins, as it’s possible for these to end up in a communal space where anyone can access them.
Monitor and enforce the policy
Once the policy is in operation, you must ensure it is closely monitored and enforced. Office managers or team leaders are generally tasked with ensuring compliance with policies such as these. Whether or not disciplinary action is taken for non-compliance depends on the seriousness of the situation.
Benefits of a clear desk policy
There are many benefits to having a clean desk policy:
Avoid fines for non-compliance with GDPR
A clean desk policy provides an additional layer of security since you’re reducing the risk of sensitive information being seen or accessed by unauthorised parties.
It can also help organisations with their accreditations, such as ISO 27001, which requires compliance with GDPR throughout the organisation.
Help sustainability and green initiatives
A clean desk policy typically leads to less paper being printed off. This ensures reduced waste and helps with sustainability programmes. Some businesses also encourage supporting sustainability by rewarding employees for printing less.
It’s good practice to keep track of how much was printed off before the introduction of the clean desk policy and monitor the reduction over time to encourage staff to print less.
Save on printing costs
Following on from the previous point, less printing means you spend less money on printing materials, such as paper and printer consumables, and potentially less on document disposal.
Speed up digitisation
Digitisation of the workplace is unavoidable. Reducing the amount of printing means that more people will rely on accessing documents digitally, thus improving your digitalisation in general. It also means that a remote working model is easier to adopt.
Improve employee organisation
Another benefit of using digital documents is that it helps your employees in being more organised. Not having to sift through or sort out lots of physical documents means employees save time during the working day. Digital files can simply be
Tips for your clean desk policy
Teach organisation skills to employees
Showing your employees skills to help them improve their organisation skills at work can help ease the transition to the clean desk. You should also explain the benefits of working in an organised environment to encourage them to take it seriously and change their working habits.
Provide IT training to help with digitisation in the workplace
Moving onto a fully digital working model can be difficult for some employees. For this reason, it’s a good idea to provide IT training to help employees move away from working with physical documents.
Invest in a digital document management platform
With your workplace going digital, it’s a good idea to invest in a quality document management platform that can help you store and file your document in a way that’s easy for them to find. This will also make the transition easier for your employees.
Provide adequate storage at desks
To avoid papers and devices being left around desks, you should make sure that your employees have plenty of storage available to them to store sensitive information securely.
Provide secure disposal
Sometimes there is no way to avoid documents being printed off. However, once they are no longer needed, you should have plenty of tools in the office that can dispose of them. Some businesses have confidential waste bins that will be dealt with in the correct way. It’s also possible to provide paper shredders in the office to get rid of sensitive information.
Clean desk policy FAQs
What is a clean desk and screen policy?
A clean desk and screen policy is a policy implemented by many businesses to ensure compliance with GDPR. These policies ensure that confidential information is not left sitting around an office unattended, meaning there is less chance of a data breach.
How do you enforce a clean desk policy?
To enforce a clean desk policy, you first need to make sure that your employees are fully aware of the rules within your policy. You must also ensure that you monitor your policy closely. Office managers or team leaders are good people who monitor and enforce your policy.
What is a clear desk policy in terms of GDPR?
A clean desk policy is a simple way to avoid confidential information being accessed and shared, causing a data breach. The policy requires all employees to keep their desks clean and tidy and not leave anything that could lead to sensitive information being shared.
Why is a clear desk policy important?
A clear desk policy helps you avoid data and security breaches by keeping all employees’ desks clear to avoid confidential information being found by building staff and risking being shared. Plus, it encourages employees to print less and leads to smarter working.
Do you need to have a clean desk policy?
A clean desk policy is not a requirement. However, having one is good for any business that handles sensitive data. It helps ensure compliance with GDPR and helps employees work smarter while being more organised.
The matters contained in this article are intended to be for general information purposes only. This article does not constitute legal advice, nor is it a complete or authoritative statement of the law, and should not be treated as such. Whilst every effort is made to ensure that the information is correct, no warranty, express or implied, is given as to its accuracy and no liability is accepted for any error or omission. Before acting on any of the information contained herein, expert legal advice should be sought.