To meet the January deadline staff work extra hours at home. It means the firm gets the work done, the clients get their returns filed on time and the staff get extra pay. In the past staff would take clients paper records home and work on spreadsheets on USB sticks. In the light of GDPR what is permitted and what is not. I've checked ICAEW and ACCA guidance but they don't answer questions such as:
1. Does GDPR permit staff to take paper records out of the office?
2. Must this need to be in the letter of engagement?
3. Is it permitted to carry data on USB stick?
4. Must the data be encrypted as opposed to it merely being good practice?
5. Is it permitted to sync data between work and home PC using DropBox? If so, must it be encrypted as opposed to it merely being good practice?
6. Is it permitted to email data between work email and home email? If so, must it be encrypted as opposed to it merely being good practice?