COVID-19 has intended 2020 has been a “year like no other” in regard to info safety and privacy issues, according to Jonathan Armstrong, husband or wife at Cordery, speaking throughout the 2020 UK and EU Info Security Assessment and Outlook for 2021 webinar hosted by Spirion.
He mentioned that the sudden shift to remote operating that many businesses had to undergo as a consequence of lockdown restrictions actions back again in March has raised a range of new concerns in this field. A single of these is the escalating use of new 3rd events, in specific startup businesses and corporations that have transformed their services in reaction to the pandemic. For that reason, enterprise due diligence of these types of providers, and examining no matter if they could be trustworthy with details, has been a significant issue this year for quite a few organizations, according to Armstrong.
Another issue has been health and fitness checks for people coming into an organizations’ premises in gentle of the pandemic, which lifted considerations more than intrusiveness. “Some companies have received into problems with monitoring health and fitness information on to an HR work file,” said Armstrong, noting that the retailer H&M was fined 35.2m for gathering far too a lot info on workers, with wellness checks currently being a single facet of that.
Additionally, checking remote personnel productiveness has led to new facts privacy claims and investigations, “particularly with matters like Place of work 365 where by there is features out of the box to check staff productiveness.” Armstrong included: “There are generally troubles with this type of details, notably when people understand the business is heading to eliminate headcount and they might get rid of out.”
Armstrong also outlined critical areas of litigation this year, 1 of which is growing numbers of personnel exercising info matter legal rights, these types of as requesting companies to disclose the details they keep about them. This is specifically essential as “the volumes of facts can be additional major in a working from home natural environment.” He noted, for instance, that some organizations are routinely recording calls having area on movie conferencing platforms.
This shift to remote working has also highlighted the deficiency of consistency among diverse jurisdictions in regard to the application of GDPR, in the see of Armstrong. Even though info safety authorities (DPAs) swiftly issued tips about how businesses should really tackle this predicament at the get started of the crisis, a unique absence of uniformity was observed.
With house functioning set to go on to play an essential role for the foreseeable future, Armstrong set out advice for organizations to reduce the pitfalls of facts privacy problems happening. These include things like recognition that consent will rarely be a resolution when it comes to knowledge selection, endeavor a facts safety impact evaluation (DPIA) and next the 6 GDPR ideas.
One more main facts privacy issue this calendar year in a European context has been the UK’s ongoing negotiation with the EU to established out the complete terms of its departure at the conclude of this 12 months. Andre Bywater, partner at Cordery, stated that while data safety is not the main bone of contention in the negotiations, it at the moment continues to be unclear what the UK’s partnership with GDPR will be from following 12 months. “GDPR has used in the UK all through the transition period, but after we leave the EU with or without the need of a deal, it will not technically utilize,” he discussed. It could be that the UK passes its individual new knowledge defense law that follows the GDPR, “but there could also be changes.”
A significant aspect of the uncertainty is that the UK is at the moment awaiting an “adequacy decision” from the EU, in which its procedure is being assessed on how effectively it is ready to defend privacy rights. If granted, data transfers from the EU to the UK can flow freely, but if not, this could result in numerous issues for organizations. Bywater commented: “I do not think we will get an adequacy conclusion in the following four months.” In this situation, “any knowledge transfers from the EU to the UK will all have to use a distinct mechanism” such as product clauses.
Summing up, Armstrong suggested enterprises to have a data transfer plan to be all set for these a circumstance.
Some areas of this article are sourced from: