How coronavirus is changing data protection for firms

Explain the genesis of GDPR
Explain how firms have fared since GDPR was introduced
Identify implications of Covid-19 on application of GDPR

CPD

Approx.30min

Accuracy is critical and the work is time-sensitive.

This all means that it has been highly unusual if not non-existent – in our experience at least – for our larger clients to try to manage this work in-house, even during the Covid-19 pandemic.

Article continues after advert

Fighting for your rights

>With staff working from home, new cyber security risks are arising and the requirement to comply has not changed.

There were many predictions around this time two years ago that after the DPA 2018 and GDPR came into force, individuals would start to avail themselves of some of the new data rights afforded by the law and that individuals would start to exercise these new rights assertively at scale.

These new rights include the right to data portability (i.e. to move data in a structured form from one organisation to another) and the right to data correction (i.e. to have data corrected).

In reality, we have seen little evidence of these being asserted in any appreciable volume.

Individuals do make ‘subject access requests’ to request a copy of their personal data from organisations but this also happened under the old legislation, although requests were previously slightly curtailed by the frequent need to pay a modest fee.

It is no longer possible for organisations to charge a modest fee when responding to a request.

In the current circumstances of the Covid-19 pandemic and lockdown, a lot more personal data is being generated electronically and stored since staff are working from home communicating by email or via messaging platforms, rather than communicating in an office face-to-face.

This increase in the volume of personal data to be released means that subject access requests are requiring more time.

The future and next steps

With staff working from home, new cyber security risks are arising and the requirement to comply has not changed.

As a result of this, data protection policies and IT security risk assessments should be reviewed and updated to reflect the new status-quo and institutions may wish to take the time now to review their procedures for responding to a data breach.

Alex Matheson is an associate and Annette Fong is head of compliance services at Ince

Page 4 of 4

How coronavirus is changing data protection for firms

True or false, Under the ‘right to be informed’ rules, an organisation needs to provide specific information about why data is collected, how it will be used and how long it will be kept for.

Why are financial institutions finding the rules around ‘right to be informed’ a challenge?

When it comes to a data breach, any notifiable event triggers:

For organisations in the UK which data protection supervisory authority should be notified of a breach?

Amid the current lockdown situation, what should be reviewed in the face of rising cyber security risks?

The UK Data Protection Act 2018 (DPA) is complemented by which EU law?

Nearly There…

You should now know…

I completed this CPD in

Were the stated learning objectives met?

Why weren't they met?

What did you learn from undertaking this CPD exercise?

Why did you undertake this piece of learning?

Any comments about this article or FTAdviser's CPD in general?

Banked!

Already Banked!

Client complains to SJP after name mix up

Financial data from 53mn individuals involved in data breaches

FCA's faux pas over whistleblower is bad for confidence

Gen H credit search tool ‘mortgage market game-changer’

3 common misconceptions around increasing client access to data

Data breaches are costly but advisers can protect themselves