GDPR in COVID-19 times
When the new and more stringent rules on data protection came through in the form of GDPR, one of the most common gripes among firms was the amount of time it was going to soak up in a world that was already busy enough keeping a firm running profitably.
The gripe was right – it does take a lot of time to do it properly. And many firms would, if they were being honest with themselves, tacitly admit that they had probably done just enough to get themselves compliant by the due date.
Whether they’re keeping themselves there with regular reviews and training is perhaps another question. But, have they done enough really to benefit from coupling the legislative requirements more closely to the core of their strategy?
The time factor would probably have prevented this.
So, have people been benefiting from the Business Continuity Planning that is an essential part of the Good Governance requirements of the Data Protection Legislation? Maybe partially, but it’s difficult to cater comprehensively for unprecedented circumstances.
The slightly ironic silver lining of the current crisis is that, business having slowed by a significant level, firms are now blessed with a certain amount of time on their hands. It would be well spent on comprehensively reviewing how their Data Protection Policies shape up after nearly two years and what could be done to bring them into line with the realities of life and, taking into account the Brexit factor, that has probably been pushed to the back of peoples’ minds by COVID-19.
Policies to focus on would be:
Business Continuity and Disaster Recovery,
Remote Working Policies,
Use of Own Devices, and
IT protocols generally
Any necessary post Brexit revisions
Seize the opportunity and use it wisely!