Perspectives

Privacy and GDPR

Managing the risks

In the face of COVID-19, from healthcare to commerce, cybersecurity and privacy rights have never been more important. Cybercriminals around the world undoubtedly are capitalising on this crisis, and organisations have to find the ‘right balance’ between pandemic response and privacy considerations.

Privacy and GDPR support

Privacy reviews and architecture

COVID-19 forced businesses to shift from offline to online and be connected through multiple and unsupervised locations, our homes. The cyber threats augmented, imperiling privacy. Teleworking became the norm, and the need to use new online tools and systems (including online sales) emerged to keep up with the business. 

This has given rise to many questions and considerations in terms of teleworking and privacy culture, data breach management, privacy by design, and direct marketing and online sales. How and to what extent can an organisation monitor its employees outside of the office? How do they prevent a data breach? How do they design and implement a system compliant with data protection laws? How can organisations enable cookies on their website/mobile app and be compliant with the data protection requirements?

Deloitte offers a helpdesk line to assist organisations with these and other questions. We also define the legal framework and translate it to functional implementable requirements, prepare supporting documents (e.g. guidelines, playbooks, response plan, notices and disclaimers), provide user stories for system adherence to privacy, and develop general and tailor-made trainings.
 

Privacy technology integration

Manual processes are in jeopardy due to COVID-19 as we rely more on technology and teleworking. Regulatory requirements should therefore rely on sturdy processes. A modern and updated approach to operationalise privacy programmes is also needed as it enhances compliance. Privacy technology integration increases the efficiency of data collection, usage, storage and erasure through automation, which can help prevent adversarial effects of non-compliance, such as fines, regulatory scrutiny and reputation damage.

Challenges in manual privacy programmes can be mitigated through technology enablement, which can facilitate automation and efficiency across many domains. Privacy technologies from multiple vendors are available for inter alia, dynamically mapping data collection and processing activities, manage consents, data subjects’ requests, support DPIAs, and data breach management.

Deloitte can help organisations select the right tools for them, perform an assessment, and define and implement a privacy technology strategy, and support it with ongoing management.

Privacy and Data Protection in the age of COVID-19
Did you find this useful?