By Steven Orpwood, Business Analyst and DPO

March 2020

 

The GDPR says that new processes or systems should be subject to a risk analysis to determine the risks to the rights and freedoms of individuals. It also says that we should constantly review existing processes and expose them to the same rigour, thus ensuring that changes we may not even have noticed are not producing unwanted effects, that’s the “default” part in the title.

 

Since we’re in lockdown and any non-essential business has been paused, I can hear all of our clients saying “but such things are irrelevant now”. Not so. Now more than ever, with significant home working and changes to working methods, the “data protection by default” element is even more important. In fact, for many organisations, where business continuity was something to be nodded to in passing, new processes are potentially being created on a daily basis.

 

Regardless of the GDPR, when we’re looking at the protection of individuals and their data, we need to keep the basics in mind, and not just “assume” everything will be alright. I think the current situation amply demonstrates this is not true.

 

You might also be interested in reading some of the Aim team’s blogs here.

 

Find out about Aim’s data protection and GDPR services here and see how we can help.