When responding to COVID-19, it’s important to scrub both your hands and your data practices.
As Jonathan Armstrong, partner at Cordery Compliance, explains in this podcast, organizations, and not just those based in the EU, need to keep the European General Data Protection Regulation (GDPR) in mind during this crisis.
That’s especially true when it comes to how employee data is handled. For one, organizations need to be particularly careful when sharing employee data, even with the government. It’s also important to recognize that data collected for one purpose cannot simply be used for other purposes without conducting a Data Protection Impact Assessment (DPIA). For example, employees may understand that the company keeps track of gifts and entertainment for anti-corruption purposes. But if the company then starts using that data to track whom the person met with in order to evaluate possible COVID-19 exposures, there may be compliance risk.
Health data requires even more sensitivity, and it’s imperative that organizations look closely at who has access to it.
Listen in to learn more about practices to watch out for and some specific steps to start taking right away.