Is GDPR a casualty of Covid-19?
Since the introduction of the General Data Protection Regulations, businesses have had to adapt to new ways of storing personally identifiable information to become compliant, or else face hefty fines and penalties, as well as reputational harm. However, with the chaos and confusion of Covid-19, businesses had to rapidly introduce new ways of capturing personal data, such as ‘track and trace’ processes to protect their employees, visitors and customers.
In many cases, this led to scribbled down personal information that could be accessed and shared by any passers-by – easily misplaced or used for marketing purposes without authorisation. Despite the same threat of fines for non-compliance, GDPR has slipped far down the list of business priorities, often reverting back to old and outdated methods.
With the great return to the workplace on the cards and hospitality opening back up, Dan Harding, CEO, Sign In App discusses how businesses need to tighten their security and champion GDPR while ultimately ensuring safety and wellbeing remain a priority...
The Evolution of GDPR
‘Let me just get a pen and paper’ was data collection terminology thrown into everyday conversations a few years ago. Information – be that personal and sensitive – could be written down and quickly left abandoned. As technology evolved, businesses were encouraged to phase out these bad habits that were not secure, safe or efficient – but as time went by, they slowly crept back in.
Do you remember when you visited an office and were asked to sign in via the meeting book and leave details such as your name, time of entry – and possibly your car registration plate? You could see that Joe Blogs entered the day before but didn’t sign out? These methods don’t stand up to the compliance requirements of today.
In recent years, data privacy has transitioned to the forefront of consumers’ minds as the prevalence of data breaches and misuse of data has become more widespread within the media. Consumers want reassurance that their data is kept protected and secured – with companies held accountable if not compliant. The introduction of the GDPR was enforced on May 25th 2018. Collectively, this is recognised as the most far-reaching compliance regulation in existence, with the common goals of giving individuals within the European Union more control over how their personal information is being used. Despite having now left the EU, the rules still apply and as a nation, a UK GDPR adaptation has been established.
With so much upheaval in order to become compliant with record-keeping requirements, responsibility has been placed on businesses to tackle it head on – with the threat of significant penalties potentially having long term effects on a business’ reputation. With fines and penalties seeing double-digit growth year after year, what do businesses – large and small – have to contend with as GDPR approaches its third anniversary, especially when Covid-19 has been thrown into the mix?
Adjusting to a new norm
In 2020, businesses were under pressure to rapidly roll out track and trace systems – with some verticals having a greater demand to capture data than others. The hospitality industry saw the biggest hurdles due to the high turnover of customers and this meant that individual information had to be quickly logged and kept on record. But how effective and compliant were their methods of data capture?
The Eat Out to Help Out Scheme meant that large volumes of individuals were mixing together and there was great upheaval for restaurant staff to ensure they could collect as much information as possible without impacting their dining experience. With the power of technology at everyone’s fingertips, some businesses collected data via apps, spreadsheets or Google Forms, so that in the event of an outbreak they had all the data at hand within the cloud. However, this raises concerns about whether people were putting in reliable data, was it secure, and was the data being destroyed after an appropriate time frame?
However, in other industries, people returning to their place of work who couldn’t work from home were regularly asked health screening questionnaires to keep everyone safe – something that was only possible with a visitor management system in place. Effortlessly, an individual’s results could be flagged if there were any concerns in the answers shared and action taken immediately – such as preventing their entry to the workplace beyond the sign-in point. With an outdated pen and paper method, this would have been more time consuming to notice with insufficient protocols in place – and a high likelihood of missed events.
Despite the challenges, businesses adjusted to life with the GDPR but over the past year, there has been a series of disruption as Covid-19 has become the biggest distraction with many businesses fighting for survival. In their efforts to stay afloat, businesses had to protect their workforce community and implement track and trace measures – putting GDPR on the backburner momentarily. However, the focus needs to resume and to be put back on the agenda. With the help of simple apps, and a fluid sign-in experience, technology can play a key role in this strategy by building confidence that personal and sensitive data is being collected, used and destroyed in an ethical and compliant nature.
The future is bright
No one has a crystal ball about what the future holds but being prepared will be a fundamental stepping stone to staying in control. Businesses must protect their reputation and their workforce community. By collecting and disposing of data in accordance with compliance requirements and with the support of simple but innovative technology, they will ensure that fines and penalties don’t present any unexpected surprises.
By stripping back to basics, businesses can learn from the key takeaways from the current pandemic and ensure that GDPR doesn’t become the casualty of a future global event – should another arise. By ensuring that appropriate measures are in place, such as a health screening when entering the office or prior to dining in a restaurant, businesses can play their part in keeping the virus at bay.
Seeking to implement an efficient and straightforward visitor management system will be pivotal to business survival post pandemic. It’s important to keep in mind that one size doesn’t fit all and it’s about making the right data-driven choices and collecting the information that is required in a way that works for each individual business. Focusing on offering a seamless hassle-free experience from beginning to end will add credibility and ensure compliance is at the heart of the business, once again.