Don’t fall foul of GDPR during lockdown

Phil Parkinson, head of commercial law at Blacks Solicitors, discusses General Data Protection Regulation compliance and the implications of working from home for the travel sector during lockdown

These are exceptional times, with emergency legislation leading to significant impacts across all aspects of society including travel, businesses and the economy. We’ve experienced a huge range of unprecedented measures to limit the pandemic such as social lockdown, closure of borders and businesses entering administration.

UK businesses, in particular travel, retail, hospitality and leisure, have struggled to navigate these changes. The current public health emergency has meant that many organisations are facing staff shortages, limited operating capacity, and acute financial pressures impacting their finances and cash flows.

This has led to a large proportion of the UK’s workforce being furloughed, however for some organisations in the travel sector, the continuation of work is crucial, and employees are now working from home.

Even for those who are used to it, working from home can raise new issues. Employers and employees must work together to ensure they are meeting legal requirements, continuing to deliver results and maintaining morale.

GDPR
During this time it’s crucial that organisations and professionals in the industry preserve the trust of their clients, suppliers and customers in order to maintain cash flow. GDPR must continue to be a key focus for employers and employees to ensure that the sensitive information held by the company is kept secure.

A breach in GDPR during this difficult time could be catastrophic for a significant number of organisations with the potential for fines of up to £10m or 2% of annual global turnover¹. This could leave the travel industry crippled and unable to make the most of the travel resurgence post-pandemic.

The flexibility of the law enables the regulation of GDPR to continue whilst recognising the unique challenges currently facing businesses. This includes the reduction in resources and staffing, which could impact the ability to comply with aspects of GDPR and freedom of information (FOI), such as how quickly FOI requests are handled.

IT departments should be hard at work reviewing procedures and security to enable people to successfully work from home without breaching data protection. If the department is struggling, outside help should be used to ensure connections are as secure as possible.

It may be that companies already have policies in place for working from home, but all businesses owners and employers must communicate to staff how they can protect data and make sure that all decisions are recorded so that information is available at the conclusion of the emergency.

Even if there is no formal policy, whilst this is being set up an email or correspondence should be shared with staff, highlighting issues to be aware of and how these can be combated.

What staff need to know
If employees are using their own equipment at home, everything should be password protected and no passwords should be given to a third party. Furthermore, for people living with others, the computer in use should always be locked when leaving the room.

Where possible, documents should not be sent to private emails as these are much more likely to be insecure. Instead, employees should keep all business property, including documents, confidential and to a work email.

Employees should also be conscious when discussing client or business issues over the phone, and, if at all possible, ensure that the conversation takes place in a location where they cannot be overheard.

Employers and business owners should make sure to regularly reiterate this advice, or give employees further explanations or information if they are unsure about keeping data safe.

As with all unprecedented situations such as a pandemic, the societal and economic changes taking place will have far reaching and significant consequences for the travel industry. However, if business owners and employers keep their workforce aware of important updates and methods of protecting data, working from home should not impact the day-to-day running of most organisations.