The document discusses steps that organizations should take regarding GDPR compliance as work returns to normal after the coronavirus crisis. It recommends re-establishing physical control over IT assets by requesting their return and inventorying documentation. It also suggests completing disrupted work like updating data registers and contracts. Further, it advises fixing past shortcomings by meeting with relevant teams to discuss changes, exceptions, and policy waivers. Finally, it notes that organizations should reassess privacy risks and plans given new vulnerabilities from increased remote work and data sharing during the pandemic, as GDPR enforcement will return to normal levels.

1. HernanHuwyler
IELawSchool
@hewyler
GDPRduring the coronavirus crisis

3. Regain the physical control
• Request the return of the IT
assets
• Inventory of documentation
from homes and carriers to
the office
• Destroy unneeded
documentation
The return of IT assets

4. Complete disrupted work
• Update the data register
(RoPA)
• Review contracts with
emergency IT service
providers
• Ensure integrity of
consents
Fix past shortcomings

5. Meet with HR, IT, compliance
and ops
• Discuss changes and
exceptions
• Identify policy waivers
• Align plans to return to
normal
• Update remediations in
Normalize activities

6. Reevaluate your privacy plan
• Reevaluate the budget and
targets
• Resume ongoing due
diligence
• Ask for pending certificates
• Protection to non-vaccinated
staff
Adjust activities

7. Identify new vulnerabilities and
threats
• More ecommerce clients
• Spear-phishing after
Facebook breach
• Downsized staff
• Work from anywhere
• More data sharing to
Reassess privacy risks

8. GDPR enforcement
and fines are also
coming back to
normal
Watchdogs are waking
up.

9. @hewyler
/hernanwyler
mydailyexecutive.blogspot.com