The sudden shift to large-scale remote working due to the coronavirus pandemic has created new data protection risks for companies, a new survey has found. The research found that while many companies have yet to implement new policies to tackle the issue, employers have clamped down on the use of free communications tools that do not offer adequate data protection.
The research conducted by Irish law firm McCann FitzGerald and international audit, tax and advisory firm Mazars found that 80 per cent of companies feel remote working presents new challenges for businesses in keeping data safe, and a majority – 84 per cent – said they had educated staff about the risks to personal data posed by remote working.
However, only 55 per cent said they had introduced policies and procedures to manage risks.
There were other concerns too. Of those who changed their processes due to Covid-19, only 45 per cent updated privacy notices, 36 per cent conducted an impact assessment and less than a third updated the record of processing activity. Experts said that raised red flags under GDPR.
"Large-scale remote working poses data protection challenges for organisations, and it is unsurprising to find widespread concern on this issue," said Paul Lavery, partner and head of technology and innovation at McCann FitzGerald.
“Remote working policies, including those dealing with confidentiality and IT security, as well as the software used by employees when working from home, should be urgently reviewed to ensure they are fit for purpose and support adequate security.”
The research was part of on annual survey by McCann FitzGerald and Mazars on the impact of GDPR on Irish businesses. Respondents came from a range of sectors, including financial services, public, technology, and other sectors, and had an average of 236 employees in Ireland.
Some 80 per cent of companies said they were compliant with GDPR, a rise of 4 per cent on last year, with 75 per cent saying they saw the benefits of compliance with the new regulations in terms of their relations with employees, customers and other stakeholders. That was a significant increase from the 58 per cent who felt positively about the new regulations in 2019.
But despite that positivity, just under half said they had concerns about being fined for not complying with the regulations, with areas of concern including the reporting of personal data breaches, reviews of data processing activity and third party risk assessments.
“While more and more organisations seem to view the GDPR positively, large numbers are still failing to complete mandatory compliance activities such as periodic reviews and the maintenance of logs,” said Liam McKenna, partner at Mazars’ consulting services practice.
“These organisations are running a real risk of incurring fines, as well as serious reputational damage, unless they move quickly to address these shortfalls.”