How Businesses Should Address GDPR During the COVID19 Pandemic

The impact of COVID-19 on a global scale still cannot be truly estimated and will not be clear for many years to come. Indeed, the world has possibly not seen an upheaval like this since the end of World War II.

For businesses based in the European Union there are many different things to consider as they strive to maintain their revenue streams while business can be somewhat restricted. Not all sectors are impacted equally, obviously, and some have even experienced growth. In a lot of cases, however, there are accounts of a great struggle to deal with staff shortages, less room to do business in and the financial pressures that have arisen due to business being at a possible all-time low. So every effort has been made by businesses to continue to do as much as possible, safely and within reason.

In order to continue doing business there are a number of key things that businesses must address. Firstly, look after existing clients. Before seeking new revenue streams it is important, for consistency and reputation, to ensure that your existing customers remain happy with your service. If you have staff working remotely it is wise to ensure that they are doing everything possible to avoid a General Data Protection Regulation (GDPR) breach and are keeping private data safe from being exfiltrated by hackers.

Along with keeping your reputation as a good company to do business with, you will also be avoiding a potential GDPR fine of up to €20m or 4% of annual global revenue for the previous calendar year, whichever figure is higher. You would also have to deal with an investigation and the drawn-out legal process. You should ensure that your staff are 100% up to date on what they must do to comply with GDPR when they are working remotely. Be sure to have an open channel of communication where staff members can voice any concerns that they have in relation to the protection of private data.

An audit of the password protections that you have in place is a key requirement, particularly if you are allowing staff members to work remotely using their own computing devices. It should be emphasised to them that it is never acceptable to share passwords with any external parties and that they should be careful if other family members or friends have access to their laptop, desktop computer or mobile devices. Automatic logging out should be set so that a device, if it is left unattended for a period of time, is automatically logged out and access is not possible. The use of personal email accounts should not be allowed as these are much easier to hack than a work email account.

In addition to this you should remind them to be careful about taking phone calls relating to private and protected issues when they are within earshot of a family member or housemate. It cannot be stated enough, once again, that the onus is on you to keep reminding your staff of all these things that they must keep in mind.

Those who are responsible for managing and maintaining your databases and network in your IT department must be directed to be more stringent than ever when ensuring that all possible security measures and processes are in place. A close eye should be kept on staff, whether by manual or automated reviews, to make sure that they are not doing anything using questionable methods. If there are, as there should be, external working policies in place then they will have guidelines to follow. However, if there are not then it is vital that they are set up and circulated as soon as possible.

The COVID19 pandemic is a daunting thing to deal with from many different perspectives, be it personal or professional. However, it is vital that you give your business the best chance of survival by ensuring that GDPR is always being adhered to and that you have done everything possible to prevent cyberattacks from infiltrating your systems and stealing the private data of your valued clients.