Two years of GDPR compliance and Coronavirus: the perfect storm

Monday 25th May 2020 marks the two-year anniversary of GDPR coming into force across the EU, including the UK.

The GDPR requires you to always be compliant with its rules. In normal times, the fact that GDPR is two years old this month would be enough for most businesses to think about reviewing their GDPR compliance and checking they’re still doing all the right things. After all, most businesses evolve in one way or another, whether that’s changing services or changes to their teams, so a lot could have changed that requires revisiting GDPR to ensure they’re still on the right track. However, during the Coronavirus “new normal”, maintaining compliance is even more important as businesses adapt to working in different ways or welcoming employees back as lockdown begins to lift, processing employees’ Covid-19 data, taking their business online, etc.

Being GDPR compliant was not a one-off for May 2018. Ongoing compliance is a key part of the accountability principle the GDPR introduced, the data protection rule that says you have to show you are compliant and continue to be. EAT, SLEEP, GDPR, REPEAT should be your compliance mantra! Generally, this means you need to:

  • Review your processing activities and identify anything that has changed since you last looked at your compliance
  • Make sure your documentary evidence of compliance is up to date including your records of processing activity
  • Ensure your internal and external policies (e.g. privacy policies) are up to date and staff are reminded about their compliance duties (i.e. refresh their training)

But with Coronavirus currently part of our lives, the following should also be considered:

  • How your compliance is impacted by a workforce working remotely and from their homes both in terms of security and employees applying the same data protection principles away from the office
  • How your existing data protection processes are impacted and whether they need to be amended to reflect the “new normal”
  • Whether you have all the right checks and balances (documentation) about any new processes or systems you’re now using (e.g. the increased use of video conferencing, allowing employees to access systems from their own devices, etc.)
  • What the health and safety impact of returning to work means if you need to process health information (specially protected by GDPR) about employees who may or may not be tested for Coronavirus or display symptoms

Whether you’ve just not reviewed your compliance in the last couple of years, or your business is now operating differently because of Coronavirus, now’s the perfect time to make sure you really are still GDPR compliant.

And, we can help you with all this.

Mark Gracey GDPR have launched a new helpline service designed to offer help and support regardless of your size of business or where you are with your GDPR compliance. For more details see: https://markgraceygdpr.co.uk/

 
