Assured Clarity - a global consultancy, specialising in risk management, cybersecurity and data privacy – is advising every organisation to press the General Data Protection Regulation (GDPR) reset button, as a result of fundamental changes to workplace and practices arising from the response to COVID-19. The Allowlist preferred supplier has outlined a four-point plan to help organisations ensure they are not exposing their business to even greater and unnecessary risk through non-compliance, as remote working becomes the ‘new norm’.
Cloud-based systems could be at risk
Managing Director of Assured Clarity, Carolyn Harrison, states: “The rush to implement and adjust to new ways of working, functioning at reduced capacity and still remain operational, has resulted in data protection taking a back seat.” Carolyn adds, “This is understandable, as business owners have needed to prioritise survival. However, there is a very real danger that a consequence of pivoting working practices - such as the introduction of cloud-based systems and remote-working - so quickly is that it exposes organisations and the wider supply chains within which they operate to suffer a data breach as well as regulatory risk.”
Data breach in organisations
“There is an urgent need to hit the GDPR reset button and focus on the core principles of data protection,” continues Carolyn. “This doesn’t mean starting from square one but taking a very close look at what has changed in the organisations' processes, technology and people, (there are many new recruits, having an onboarding process via conference call). These are all potential elements impacting compliance as well as exposing organisations to a higher risk of a data breach. The increase in cyber threats has been widely reported and taking appropriate corrective action now we consider a must.”
Four-point plan
To support organisations, Assured Clarity has outlined a four-point plan to help businesses take the right course of action.
- Refresh policies and procedures and update records of processing.
- Provide education and training in relation to new technologies and ways of working that have been introduced.
- Document evidence that organisational and technical controls are in place and are tested.
- Re-evaluate the supply chain to validate the compliance credentials of contractors and other third-party suppliers.
GDPR and safeguarding personal data
“It isn’t just commercial organisations that are grappling with how the new normal is impacting data protection and privacy. The UK government was scrutinised for its compliance with GDPR during the development of its Track and Trace programme,” concludes Carolyn. “We are all accountable and in the same way we have adapted how we live and work, so we must adapt how we safeguard personal data and privacy.”
Assured Clarity is registered as an Allowlist preferred supplier, offering cost-effective practical advice and the application of best practice, in achieving and maintaining compliance with data protection and other relevant compliance regulation.