As many organisations adjust their business operations as a result of the COVID-19 pandemic, network and data security are in the spotlight.
The significant increase in remote working, brings unique challenges and organisations must remain mindful of their legal obligations to keep personal data secure. In particular, the EU General Data Protection Regulation (“GDPR”) imposes a general obligation upon data controllers and processors to ensure the security of data processing against accidental or unlawful loss, damage, destruction, alteration or disclosure.
Controllers and processors must have in place appropriate technical and organisational measures to ensure a level of security for personal data that is commensurate to the risk associated with data processing. This is not a static analysis, but something to be kept under review as circumstances change. The mass shift to remote working has inevitably changed the risk profile of certain data processing activities. Set out below is a summary of important considerations from a data security standpoint, taking into account the GDPR’s requirements as well as guidance from data protection supervisory authorities in the UK, France, Belgium, Germany and Italy.
Please click here to continue reading on the Cleary Cybersecurity and Privacy Watch blog.