What new risks to GDPR do COVID-19 and lockdown bring?

In this article, Carolyn Harrison, Managing Director of Assured Clarity, looks to answer the question, ‘What new risks do COVID-19 and lockdown bring to GDPR?’


I was recently asked to present at a webinar on ‘Lockdown Risk’, and it got me thinking.

How has the Lockdown changed an organisation’s Data Protection status?

For most, in a new world where ALL organisations have been forced to reconsider their working arrangements, the pressures of trying to run a ‘Business as Usual’ approach during Lockdown in a new, decentralised model have been extremely challenging. So, information security and data protection took a back seat.

Lockdown Risk

During Lockdown, survival in all senses of the word is understandably what had to, and did, come first. Being innovative and putting quick alternative solutions (workarounds) in place became the new norm.

Unfortunately, it was the same case for the ‘cyber criminals’ too*.

Add to this the difficulty of monitoring non-furloughed employees’ performance when they are working remotely in their own homes. Evidence already suggested that 3rd party suppliers were a huge risk factor, a risk that has now increased significantly.

This got my GDPR alarm bells ringing!

So, we need to press the GDPR reset button. Not because we are 2 years on from ‘GDPR Day’, but because nearly everything within an organisation may have changed.

Back to Basics

It’s time to go back to the basics of the original GDPR foundations:

  • The need to identify risks to your business.
  • Breaking down silos caused by the new regime.
  • Rebuilding trust internally and externally throughout your organisation.

How do you do this?

  • Policies and processes will need refreshing, and ‘ROP’ (Records of Processing) updating.
  • With any equipment, network or environment changes, there is still the need to deliver Education and Awareness.
  • Ensure that you can still evidence that you have the Organisational and Technical controls in place and tested.
  • Remember, you are still responsible for making sure your contracts and outsourced providers (3rd parties) are GDPR compliant. They too will have had to change.

You can find Assured Clarity on THE LIST and for more information can visit them at their website.

*Some statistics:

  • Cyber-crime pre-COVID-19 was already costing the global economy over $2 trillion.
  • Online shopping fraud has risen by 46% since the start of Lockdown, ‘making it one of the biggest crime growth areas’ in the UK.
  • Human error accounts for 95% of internal breaches. There has been a big spike in email and phone scams as criminals look to seize on people’s vulnerabilities around COVID-19.
