May 12, 2020

What are the GDPR requirements around Covid-19?

GDPR and coronavirus are probably the last things you want to see mentioned in an article together, right? While we all get to grips with how we return to work and change our working practices, there are data protection implications too. In our latest article, Gerrard Fisher discusses some of the things small businesses need to think about when dealing with data protection as we begin to leave the lockdown.

Recording health information

If you’re managing lists of which staff have tested positive for Covid-19, or which are self-isolating as a precaution, you’re managing information about their health. Whenever you keep a record about someone’s health, you’re using “special category” information and this comes with special responsibilities. Have you checked what extra precautions you need to take to hold this kind of information securely? What might be the implications of someone else accessing these records?

Do you really need to keep information on their current condition? If possible, try not to keep detailed (or speculative) information on people’s health conditions. Instead: can you keep a simple record of “when people are available to work”?
You might have good justification for holding more detailed health information as part of your ordinary business (for example, if you’re providing healthcare services it’s vitally important) but don’t store information you don’t really need. That way, you can’t lose control of it!

Recording employment information

Your staff may be working different hours, they may be furloughed or on reduced shift patterns. Most of the information you hold will be important for your business - so you can manage payroll, keep in touch with staff and keep your business running.

This kind of information is likely to be standard HR management stuff - and so you should protect it accordingly. Like with all other routine employment information, only certain people should be able to see it: such as line managers, and the necessary HR professionals.

Adapting to new working patterns and behaviours after Covid-19

We covered working from home in a previous blog and video, but there are other ways in which your business may work differently to before:

  • Filing personal data
    We will see a reduction in “hot-desking” and use of shared working spaces. This might change the way people file away personal information they’re working on (such as paper copies). Have you set up secure places for them to use?
  • Security measures and continued home working
    Flexible and home working is likely to continue - so those temporary IT security measures you put in place may become more permanent. Make sure you review the measures you have in place to check they’re still fit for long-term operation. For example: if some staff have been logging on with their personal home computers, is now the time to issue them with work computers that can be part of your secure system? Find out more about protecting personal data when your team is working from home.
  • Cover for data protection activities
    Your team’s availability could still be variable, depending on how immunity plays out. Can you take steps to ensure that you have extra cover for key data processing activities? Maybe you don’t need a “Deputy Data Protection Officer” but getting someone else to cover some of the data protection tasks would be a useful back-up.
  • Back-ups in case the worst happens
    And speaking of back-ups...how are yours?! Make sure you’re backing up information securely in case the worst happens. Authorities have already seen an increase in cybercrime and ransomware that damages data and demands a payment. If you’ve got a recent back-up you can better protect yourself from this kind of threat.

About Astrid

Astrid is a secure online platform that makes data protection compliance simple. Developed with small businesses in mind, we provide you all the tools and guidance you need to become and remain compliant with data protection legislation. Find out more about our services.

Subscribe now to get your small business compliant and safeguard your reputation, your finances and your business. With prices starting from £225 a year, it’s a small price to pay to protect yourself from potential prosecution and penalty fees.


Emma Oram
Astrid Data Protection Ltd.

24 John Clare Close
Brackley
Northamptonshire
NN13 5GG

Company number: 11166227 - ICO registration: ZA310233 - © 2018 Astrid Data Protection Ltd.