As discussed in our previous blog post, 4 Working from Home Security Tips, many organisations have changed the way they connect and communicate in their new working from home (WFH) environments. Organisations must therefore adjust data protection controls to account for the changes that the pandemic has brought to our working environments.
The development of COVID-19 does not alter the fact that an organisation should have a strong privacy control environment in place when processing individuals’ personal information. Circumstances are now unusual, and most organisations are operating from home-based offices, but it is of the utmost necessity that measures are put in place to ensure a regulated environment. Here are a couple more tips to help ensure you keep up with data protection requirements.
Records update for COVID-19
It is a requirement under the GDPR to hold records of processing activities. You should check whether these records cover the COVID-19 pandemic; the records should be updated accordingly to specify the condition for processing. This includes the special category data condition relied upon, and the retention period should also be noted. As this involves employees and special category data, a DPIA should be considered. The DPIA will allow you to consider compliance risks and any risks to the rights of individuals, which will help you identify and minimise those risks.
Sharing of personal data and due diligence
Due to the pandemic, personal data may be shared with new service providers and vendors, or new categories of personal data may be shared with existing providers. Due diligence should be applied prior to sharing such personal data, which includes ensuring appropriate security measures are in place. Where service providers are handling personal data on your behalf, you’ll need to have a suitable contract in place containing the provisions prescribed by the GDPR.
Communication with customers
Although this is not a GDPR requirement, it’s good to ensure you are keeping in touch with your customers. Retaining customer confidence is critical during these uncertain times. If you haven’t already informed customers of the business closure or changed trading hours, it’s important to do so. It’s advisable to be careful about sending marketing information along with COVID-19 updates in your communications. Be careful not to include an advertisement or promotional offer, as this may be beyond what certain customers would expect to receive during the pandemic.
We hope you found this useful. If you have any concerns or questions on how to update your processes and policies to ensure you’re covering all GDPR data protection requirements in this new working environment, please feel free to contact one of our Data Protection Experts.