the gdpr forbids workers from taking personal data, or devices which can access personal data, outside of the workplace

The GDPR itself does not explicitly forbid workers from taking personal data or devices capable of accessing personal data outside the workplace. However, GDPR requires that organizations implement appropriate technical and organizational measures to protect personal data at all times, including when accessed or processed remotely or on personal devices. This means employees and employers must ensure security and compliance measures are in place when personal data or devices leave the secure workplace environment. Organizations typically address this through data protection policies, acceptable use policies, and BYOD (Bring Your Own Device) policies that set clear rules and security measures for handling personal data outside the workplace. These policies aim to prevent data breaches or unauthorized access when devices or data leave the workplace. In summary, GDPR mandates the security and protection of personal data everywhere, but it does not absolutely forbid taking data or devices outside of the workplace if proper protections and policies are implemented. Therefore, the statement that GDPR forbids workers from taking personal data or devices which can access personal data outside the workplace is not entirely accurate on its own; compliance depends on the safeguards and policies in place.