GDPR in times of COVID. Keep calm and share data?

GDPwhat?

In case you have just landed from outer space, GDPR (General Data Protection Regulation) is a tough privacy and security law, drafted and finally approved by the EU on May 25th 2018.

It affects any organization worldwide that targets or collects data from EU residents. If you process the personal data of EU citizens or residents, or you offer goods or services to such people, then the GDPR applies to you even if you’re not in the EU.

This regulation harmonizes all legislation about data storage, but also imposes strict fines (which max out at €20 million or 4% of global revenue) and tough regulations. Its main goal is to protect data subjects’ privacy rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object

And on top of that, a pandemic

Ok, now we know what those 4 letters stand for. But what do they have to do with COVID-19?

In some countries on a larger scale than in others, what is the one thing whose adoption has grown exponentially since the various lockdowns started? Besides the impulsive acquisition of toilet paper, I mean. Yep, working from home.

Lots of employees have started to work from home, and therefore lots of not-yet-scanned information had to be brought home. Files and dossiers that were usually put away in some filing cabinet were no longer accessible. But they were needed for daily tasks.

And what about schools? In order to keep teaching online, teachers had to carry students’ files home. On some occasions, when someone realized this, they started to scan everything and store it on a cloud service. But is this service secure enough? Are permissions granted in such a way that not everybody can see everything? And that is not all.

When you work in an office, the internet connection is protected by security measures, and maybe even a VPN. But when working from home, are you using a secure connection? Is your Wi-Fi protected by encryption and a secure password, or are you still using the one provided by the company? Or, even worse, your birthday? Is the connection quick and good enough to store the files on the cloud? Or are you storing them locally to avoid lags?

Some people might think, “Who cares about GDPR when thousands of people are dying?” But precisely because we are under such stress, we should take more care of our personal data.

And I’m not going down the rabbit hole of medical data… Your medical results could be stolen and sold to recruitment companies around the globe. Being immune has started to pop up in CVs as a remark. True story.

So, even more so in times of pandemic, we should be careful with our procedures. When was the last time your Data Protection Officer checked your procedures?

If you don’t know what a DPO is, you are late. But we are here for you. Drop us a mail at office@merinoconsulting.com
