Coronavirus Crisis and the GDPR Accountability principle
April 26th, 2020
In this blog we consider the Accountability principle, and how this affects businesses in the era of the Coronavirus pandemic response.
The Accountability principle is one of the Seven Principles of GDPR and the Data Protection Act 2018.
What is Accountability?
Accountability is your requirement to demonstrate how your organisation or business is compliant with the data protection regulations.
This sounds simple, but what does it really mean? If ever audited or investigated, what would you show the investigators?
How does this change as a result of the coronavirus crisis?
Is your business doing things differently in response to the pandemic?
The UK Government has taken a number of unprecedented steps in response to the crisis.
So, it is important, as a business, that you identify any new or increased operational risks. For example, does your business have more staff working from home? Or are staff working from home for the first time?
Alternatively, is your business using new technology? Or are you aware that staff are now handling data and information in different ways?
Are updates needed to data security and systems controls?
Employees cause over 60% of data breaches.
Equally, where businesses have been forced to make rapid changes to working practices, it is essential that organisations identify any new IT security or data risks.
Are there changes to the data you hold, and to where and how you hold it? Consider:
- why you have that data
- what you do with it
- who sees it
- where it is kept
- are you a Data Controller or Data Processor or both?
If your business wants to meet its obligations for Accountability, you must be able to demonstrate what actions have been taken to maintain data protection standards.
Working from Home Assessments
A key feature of meeting the GDPR Accountability principle is being able to demonstrate your regulatory compliance. Therefore, we recommend that each employee completes an assessment of their home office setup.
The information gathered from this assessment will help your organisation identify increased IT security and data risks. Equally, employers can create or update their Working from Home guidelines.
Changes to business operations
If your business operations have changed, you may need to make changes to your key operational policies and procedures, in areas such as:
- Management of Data breaches
- Controlling access to systems and applications
Businesses new to data protection compliance
Let’s take a look at the route to Data Protection compliance. In our infographic below, we explain the key steps that organisations should take to demonstrate compliance.
Have you registered with the Information Commissioner’s Office?
For new businesses, it is important to think about your requirement to register with the ICO.
- See this useful checklist from the ICO on whether you need to register
- The fees are explained here – SMEs’ fees range from £40 – £60 per annum
In addition, the business will need an individual to be responsible for Data Protection within the organisation. Perhaps your organisation is obliged to have a Data Protection Officer? If so, we can help with this.
The importance of being able to demonstrate compliance
The ICO uses a number of factors to decide what fines or other actions to take against organisations.
In fact, when submitting Data Breach information to the ICO, organisations must answer a number of questions. These cover things like the amount of staff training and the IT and security procedures you have in place to prevent breaches.
Therefore, it is essential to have operational policies and procedures in place. This could avoid costly fines and damage to your business reputation.
Get in touch!
If you are unsure about what your organisation should do, contact us today.
Or complete our let’s get started form.
Alternatively, keep up to date with our newsletters here.