These are unprecedented times. Whilst data protection may not appear to be a primary focus for us currently, it is important to remember that data protection laws and regulations remain in place.
The way we work over the coming weeks will change and we may be asked to share personal data about our employees with contractors and other third parties as a matter of urgency. However, we need to think before we act and consider why we are sharing the data and if it’s proportionate to do so. What are the risks of not sharing?
We are also likely to be more susceptible to phishing attacks or hacks as we work remotely and with skeleton staff levels. When working remotely, think about whether your Internet connection is secure in order to keep our data secure from cyber-crime. We need to remain vigilant and alert.
Some of our practices may take longer as we address the challenges of working remotely. It may be difficult to meet out statutory deadline of 30 days for subject access requests. The Information Commissioner’s Office (ICO) has not agreed any extensions to our timescales and, whilst it may be more understanding at this difficult time, we still need to evidence our commitment to the legislative deadlines. If we know that we will not meet the requirements, we must advise the data subject of this delay and advise an anticipated completion date. The ICO will consider this to be reasonable to keep our customers informed.
If you are in any doubt about any aspects relating to data protection and personal data, please contact us in the first instance. We are here to help and support you.