How robust your data protection program is may be being tested during this difficult time, with employees working from home and others in workplaces with an abundance of staff absences. Having compliant GDPR and DPA18 policies, procedures and controls in place is mandatory, but has never been so important.
How you process personal data during this time may not be under extreme scrutiny right now, but it certainly will be once the dust settles and working practices are reviewed and tested. The ICO have put together a few summary points for businesses to share with their customers on specific situations regarding the processing of personal data. You can direct customers to the full blog using the below link: –
Personal Data During the Coronavirus Crisis
- Consent is not needed for the Government, NHS and other relevant organisations to send vital public health messages (i.e. via phone, email or text).
- Sensitive personal data (i.e. health) has higher protections that general data and people may currently be faced with more questions about sensitive personal data. Employers and organisations have an obligation to protect their staff; however, they should not be asking for more information than is necessary.
- If a personal become ill with coronavirus, it may be essential that the employer tell their colleagues.
- Any previous or current Freedom of Information requests or Subject Access Requests (SAR) are likely to have delays in responses at this time. Whilst there are timeframes for responses in place, these can be extended under certain circumstances and obviously organisations are currently diverting their resources to help with other challenges.
Our 3 sizes of data protection policy packs start at just £95 (exc vat) and can offer a range of ready to use, fully customisable templates; from privacy notices & SAR’s, through to data protection and data retention policies.
Now is the time to ensure that your data protection compliance program is effective and compliant!