Data Protection Compliance and COVID-19

If you have concerns about maintaining your data protection practices to meet GDPR requirements, then you are offered assurance by the Information Commissioner's Office (ICO) that it understands the challenges you face with allocating resources.  It has said it will not penalise organisations in circumstances where you need to prioritise other areas or adapt your usual approach to compliance during this difficult period.

The ICO has addressed other common areas of concern by:

• Reminding organisations that data protection and electronic communication laws do not stop the Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email, as these messages are not direct marketing.
• Clarifying that data protection concerns should not be a barrier to an increased need for homeworking during the pandemic, but organisations should consider having the same security measures for contingency planning homeworking as they would usually adopt for all homeworkers.
• Confirming that organisations should keep staff informed about cases of COVID-19 in their workplace, for health and safety as well as a duty of care purpose. The ICO reminds organisations to avoid naming individuals and not to provide more information than is necessary.
• Stating that organisations will not be prevented by data protection law from sharing employees' health information with authorities for public health purposes.

In times of remote working, it is also useful to remind staff and colleagues of basic data protection practices:

• All confidential waste is disposed of securely. That may mean workers at home retain it and dispose of it when they return to the office.
• Ensure all personal data sent by email is sent securely.
• Be vigilant to phishing emails/links and attachments.
• Identify all clients before disclosing personal information over the phone / via email.
• Ensure all paper files are locked away.
• Ensure passwords to systems are kept secure by the individual users and not shared.

For the latest information on navigating data protection during this unprecedented time, the ICO has launched a new data protection and coronavirus information hub, which can be accessed here.