PA life
PA life

GDPR and data protection: What do businesses need to know in the age of COVID?

clueless GDPR

COVID-19 has caused significant impacts across all aspects of society, however many UK businesses have struggled to navigate these changes. The public health emergency has meant that many organisations are facing staff shortages, limited operating capacity, and acute financial pressures impacting their finances and cash flows.

For many businesses the continuation of work has been crucial and working from home is now common across a number of sectors, even as the furlough scheme begins to wind down.

Phil Parkinson, Head of Commercial Law at Blacks Solicitors discusses the rise in new issues being experienced by businesses, particularly around GDPR and data protection, and what employers need to be aware of.

What do employers need to know?

Itโ€™s crucial that businesses preserve the trust of their clients, suppliers and customers in order to maintain cash flow. GDPR must continue to be a key focus for employers and employees to ensure that the sensitive information held by the company is kept secure.

A breach in GDPR during this difficult time could be catastrophic for a significant number of organisations with the potential for fines of up to ยฃ10m or 2% of annual global turnover1. This could leave many organisations crippled, particularly in a time of recession which weโ€™re currently facing.

The flexibility of the law enables the regulation of GDPR to continue whilst recognising the unique challenges currently facing businesses. This includes the reduction in resources and staffing which could impact the ability to comply with aspects of GDPR and freedom of information (FOI), such as how quickly FOI requests are handled.

The importance of IT departments

Now more than ever, itโ€™s recommended for IT departments to review procedures and security to enable people to successfully continue working from home, or return to work after a period of furlough leave, without breaching data protection. If the department is struggling, outside help should be used to ensure connections are as secure as possible.

It may be that companies already have policies in place, particularly around working from home, but all business owners and employers must communicate to staff how they can protect data and make sure that all decisions are recorded so that information is available at the conclusion of the emergency.

Even if there is no formal policy, whilst this is being set up an email or correspondence should be shared with staff, highlighting issues to be aware of and how these can be combated.

How can staff contribute?

If employees are using their own equipment either in the workplace or at home, everything should be password protected and no passwords should be given to a third party. Furthermore, for people living with or working around other people, any computers or other devices in use should always be locked when leaving the room.

Where possible, documents should not be sent to private emails as these are much more likely to be insecure. Instead, employees should keep all business property (including documents) confidential and to a work email.

Employees should also be conscious when discussing client or business issues over the phone, and if at all possible, ensure that the conversation takes place in a location where they cannot be overheard.

Employers and business owners should make sure to regularly reiterate this advice, or give employees further explanations or information if they are unsure about keeping data safe.

The societal and economic changes currently taking place in the UK are having far reaching and significant consequences for the majority of businesses. However, if business owners and employers keep their workforce aware of important updates and methods of protecting data, the day-to-day running of most organisations, including the ability to comply with GDPR regulations, shouldnโ€™t be impacted.

If youโ€™re worried about GDPR and data protection or need to speak with someone for more advice on other commercial law matters, please contact Phil Parkinson on

PP********@La*******.com











.