Has COVID-19 resulted in GDPR compliance being side-lined?
- Published: Friday, 04 June 2021 07:31
Since the introduction of GDPR, businesses have had to adapt to new ways of protecting, managing, and storing personally identifiable information to become compliant, or else face potentially hefty fines and penalties, as well as reputational harm. But has COVID-19 been the catalyst for a change in attitude? Dan Harding believes so…
With the chaos and confusion of COVID-19, UK and European businesses had to rapidly introduce new ways of capturing personal data, such as the UK’s ‘Track and Trace’ processes, to protect their employees, visitors, and customers. In many cases, this led to scribbled down personal information that could be accessed and shared by any passers-by – easily misplaced or used for marketing purposes without authorisation. Despite the threats associated with non-compliance, GDPR has slipped far down the list of business priorities, with organizations often reverting back to old and outdated methods.
The evolution of GDPR
‘Let me just get a pen and paper’ was data collection terminology thrown into everyday conversations a few years ago. Information – be that personal and sensitive – could be written down and quickly left abandoned. As technology evolved, businesses were encouraged to phase out these bad habits that were not secure, safe, or efficient – but as time went by, they have slowly crept back in.
Do you remember when you visited an office and were asked to sign in via the meeting book and leave details such as your name, time of entry – and possibly your car registration plate? You could see that Joe Blogs entered the day before but didn’t sign out? These methods don’t stand up to the compliance requirements of today.
In recent years, data privacy has transitioned to the forefront of consumers’ minds as the prevalence of data breaches and misuse of data has become more widespread. Consumers want reassurance that their data is kept protected and secured – with companies held accountable if they are not compliant. The introduction of the GDPR was enforced on May 25th 2018. Collectively, this is recognised as the most far-reaching compliance regulation in existence, with the common goals of giving individuals within the European Union more control over how their personal information is being used. Despite having now left the EU, the rules still apply and a UK GDPR adaptation has been established.
Adjusting to a new norm
In 2020, businesses were under pressure to rapidly roll out track and trace systems – with some verticals having a greater demand to capture data than others. The hospitality industry saw the biggest hurdles due to the high turnover of customers and this meant that individual information had to be quickly logged and kept on record. But how effective and compliant were their methods of data capture?
The UK’s Eat Out to Help Out Scheme meant that large volumes of individuals were mixing together and there was great upheaval for restaurant staff to ensure they could collect as much information as possible without impacting their dining experience. With the power of technology at everyone’s fingertips, some businesses collected data via apps, spreadsheets, or Google Forms, so that in the event of an outbreak they had all the data at hand within the cloud. However, this raises concerns about whether people were putting in reliable data, was it secure, and was the data being destroyed after an appropriate time frame?
Despite the challenges, businesses adjusted to life with the GDPR but over the past year, COVID-19 has become the biggest distraction with many businesses fighting for survival. In their efforts to stay afloat, many businesses put GDPR on the backburner. However, the focus needs to resume and comprehensive data protection and privacy risk management need to be put back on the agenda.
Dan Harding is CEO of Sign In App – a technology solution which enable effective and GDPR compliant visitor management.