09 December, 2020
As we all look forward to the possibility of less restrictions, a vaccine, some return to normality and return to the office, many of us will continue to work from home.
The General Data Protection Regulations (GDPR) continue to focus on recordkeeping and data protection impact assessments, protecting unauthorised access of data. The pandemic may well have resulted in some companies enjoying a lower level of data protection compliance and regulators adopting a lower standard of compliance. That does not, however, allow organisations to lower their guard. Organisations will need to justify lowering their standards to avoid the courts taking a different view.
The COVID19 pandemic appears to have resulted in an increase of attempted cyber-attacks, phishing emails and other attempts to gain access to important data. Whilst people continue to work from home, using their own devices or insecure home Wi-Fi routers, the risks remain high. GDPR requires an organisation to ensure that it has appropriate security, including protection against unauthorised or unlawful processing, using appropriate technical organisational measures to protect its data. Whilst it is commonplace for a company to argue, "it was sophisticated hack", they will need to establish that they have taken appropriate measures to avoid the hack in the first place.
Where people are working from home, possibly unsupervised, there is risk they could reveal company data to others. The recent case of Morrison's does allow organisations to avoid liability for the actions of a rogue employee sending out data for the for their own personal reasons. It does not however enable them to avoid liability for mistakes when those employees are acting in the course of their employment furthering the organisations business.
If you think you have been the victim of a data breach you may be entitled to claim compensation. Please contact us if you feel you have a claim.
For more information contact John Bennett in our Data Breach Claims department via email or phone on 01254 872111. Alternatively send any question through to Forbes Solicitors via our online Contact Form.
Learn more about our Data Breach Claims department here