Tips to comply with GDPR during the pandemic
•
0 likes•134 views
Tips are provided to help organizations comply with privacy regulations during the COVID-19 pandemic. These include reviewing user access logs to systems like ERP and CRM given changes to remote work, prioritizing tasks like delaying audits, increasing security controls for remote access and video conferences, updating data flow documentation for new databases and applications used for telework, and remaining vigilant in detecting potential data breaches involving missing assets or unusual activity in security logs during the crisis period.
More Related Content
What's hot
Similar to Tips to comply with GDPR during the pandemic
Similar to Tips to comply with GDPR during the pandemic (20)
More from Hernan Huwyler, MBA CPA
More from Hernan Huwyler, MBA CPA (20)
Recently uploaded
Recently uploaded (20)
Tips to comply with GDPR during the pandemic
- 1. Tips to comply with privacy regulations during the pandemic Prof Hernan Huwyler, MBA CPA Data Security and Corona
- 2. Review user accesses As of today and during the response plans Cover IT admins, employees and consultants Focus on display and edit large databases Update the segregation of duties Recertify users with process owners Review changes in user access to ERP, CRM and shared folders
- 3. Reprioritize tasks Inform extended periods to new and backlogged subject access requestors Delay plans for audits to processors Review contracts with new vendors and services engaged during the response actions Regulators understand that resources were diverted during a pandemic
- 4. Increase security controls Ask IT to update remote VPNs and access solutions Assess security practices in video conferences Check for failed logins to critical systems Review changes in privacy and security settings Homeworking poses higher human error and fraud risks
- 5. Update data flows Update and review the RoPA for new health, cloud and personal storage databases and end- user applications created for teleworking Review the adjustment of the scope of the data loss prevention to the changes in the IT assets Assess the need for updating DPIAs Response actions significantly changed the data processing
- 6. Detect data breaches Investigate for missing assets during the response activities Ensure the review of security logs during the crisis Request updates to data processors Coronavirus is a catalyst for cybercrime
Editor's Notes
- Many changes in user rights during the lockout “Stampede” from the office with electronic files and documents to home Many hard copies were taken out of the offce to homes which was not related to job functions
- https://ico.org.uk/global/data-protection-and-coronavirus-information-hub/data-protection-and-coronavirus/ Cover contracts with new vendors of IT infraestructure, communications, monitoring
- https://ico.org.uk/for-organisations/working-from-home/working-from-home-security-checklists-for-employers/ Remid users for complex passwords and the signs of phishing emails or texts, avoid using personal chats for work (a/t the bring your own device policy)
- https://ico.org.uk/for-organisations/working-from-home/working-from-home-security-checklists-for-employers/ New datasets in - getting employee, 3P and visitors health status (infection, travel to high risk countries) - monitoring employees working from home (IP addresses, location data, access, issues with Office365, MS teams and zoom) - dealing with cancelation requests with customers also created new datasets Ensure that backups are covering the telework data, e.g. automatically synchronization of personal computers to company servers Ensure the principle of confidentiality, proportionality, minimization, transparency and legal grounds for the new datasets
- More phising emails, scams and bad uses of USB memories Ask processors for changes in their activities and controls