THU 28TH MAY 2020


Bringing the family business community together


26th March 2020 Christian Mancier, Partner, Gorvins Solicitors

Whilst the General Data Protection Regulation (GDPR) is probably the last thing on the mind of business leaders during these extraordinary times of the worldwide Covid-19 pandemic, it should not be completely forgotten.

This is particularly true given the seismic shift to homeworking.

With significant advances in technology working remotely from the office, whether that be from home or on the go, has never been easier. However, with remote working involving data being transferred over external networks (rather than simply moved between your desktop computer and the server down the corridor) and potentially employees taking personal data home with them (for example hard copy work files) the rules under GDPR still apply but are less easy to monitor and control than in an office based environment.

This means employees need to continue to keep data (including hard copy paper files) safe and secure such that they can’t be accessed by third parties. Employers also need to consider how employees are accessing work information and whether that involves a footprint of data being left on the employees own device at home or mobile device and how that is controlled.

The Information Commissioner’s Office (ICO), based in Wilmslow, has now issued some specific Covid-19 guidance to organisations. This can be accessed here 

Whilst a large part of the guidance focuses on health data and public messaging around Covid-19 (including what you should and should not communicate to your employees if you have a staff member diagnosed with Covid-19) there is some reassurance for businesses/data controllers in that the ICO acknowledges that “resources, whether they are finances or people, might be diverted away from usual compliance or information governance work” and that the ICO won’t “penalise organisations that [the ICO] knows need to prioritise other areas or adapt their usual approach during this extraordinary period.”

The ICO also goes on to state that it “can’t extend statutory timescales, but [the ICO] will tell people through its communication channels that they may experience understandable delays when making information rights requests during the pandemic.” As such businesses should remember the one month statutory timescale for responding to subject access requests still applies (bearing in mind the possibility of extending this to 3 months in certain circumstances), the fact that the regulator acknowledges there will be delays is something businesses will be relieved to hear during a time where businesses are adapting on a daily basis to new demands and challenges in these unprecedented times.

For any further information on GDPR, its application to your business and employees working remotely, please do not hesitate to contact Christian Mancier, Corporate partner, at Gorvins Solicitors via 



Supporting Links




Related News

Chefwear Manufacturer Scrubs Up!

Manchester chefwear manufacturer and family firm, Tibard, joins effort by making hospital scrubs for the NHS Read More

The Family Business Summit 2020

Join us for our first ever 'virtual' family business event that is taking place from October 12 to 23. Read More

New Screen Shield Security

Century Office, leading UK office furniture supplier in Colchester Essex, has announced the launch of a new desktop screen shield solution, Affix, to help offices get back to work after lockdown. Read More

comments powered by Disqus