How coronavirus is changing data protection for firms
- Explain the genesis of GDPR
- Explain how firms have fared since GDPR was introduced
- Identify implications of Covid-19 on application of GDPR
- Explain the genesis of GDPR
- Explain how firms have fared since GDPR was introduced
- Identify implications of Covid-19 on application of GDPR
We have found that organisations are willing to act quickly and decisively when they detect a data breach and we have seen no sign of organisations taking their responsibilities less seriously during the Covid-19 pandemic.With premises closed, budgets severely curtailed and staff at home with little ‘normal’ work to do, trying to be as useful as possible in areas such as compliance, it has been necessary for us to be flexible with our clients and to try to deliver our work in a more collaborative way in response to these pressures.
In relation to the drafting of new data protection policies, we would previously typically have been instructed to develop and deliver a full suite of new policies for a financial institution in collaboration with their various in-house teams, whereby they would provide us with information and we would do almost all of the drafting work.
This has now changed.
Recently we have instead developed and delivered specific key skeletal documents for our financial institution clients and we have then handed these over to their in-house teams to help them manage their legal spend.
In the pre-Covid-19 world, we would not have imagined our clients facing quite the same financial constraints when instructing a law firms as they do now, but then again they probably would not have had the same time or attention to attend to this specialist area.
Aside from our work on drafting data protection policies for organisations, we also receive instructions to dispense urgent legal advice and practical guidance when there has been a data breach.
Data breaches
We have found that organisations are willing to act quickly and decisively when they detect a data breach and we have seen no sign of organisations taking their responsibilities less seriously during the Covid-19 pandemic.
Data breaches of any significance typically involve a lot of focused and skilled legal work.Urgent legal advice is important since any notifiable event triggers a 72-hour window to notify the relevant supervisory authorities and the clock does not stop ticking during the weekend.
One of the first things we analyse as lawyers is the question of which supervisory authorities need to be notified in a particular event.
For organisations headquartered in the UK or the EU (or EEA) there is typically only one supervisory authority to notify of a breach in one language (the notification for UK organisations is to the ICO and it is made in English).
For international clients, depending on their corporate structure, there can be numerous time-zones and multiple languages to navigate quickly to ensure that notifications are lodged appropriately to all relevant supervisory authorities.
