Intellectual property and GDPR implications
This article has been updated as of March 25th to include a link to the Tribe Tech Podcast which covers the key issues discussed below. You can listen to the podcast here: https://audioboom.com/posts/7533987-business-after-coronavirus
It is important that organisations remember that the decisions they make now will have consequences beyond the immediate situation. Taking a step back and assessing the long-term impact of decisions can be tricky when dealing with a crisis, but it is essential for the future health of the organisation.
Following the steps below will help to ensure that your business survives in the short term and thrives in the long term.
1. When asking staff to work remotely from home, or otherwise minimise face-to-face work, in addition to the employment law aspects (which our employment team can assist with if required) there are key issues around data protection and data security.
To help, we are providing free privacy impact assessment (PIA) templates where you are rolling out remote working. For businesses that have not sorted their GDPR fundamentals, we still recommend you still complete a PIA but, to help on your journey to compliance, we are also providing a free data mapping tool and guidance note.
2. When using online platforms for the first time, it is really important to check the terms and conditions.
Many platforms are not secure and could put you in breach of your legal obligations when it comes to data protection. This applies especially to tools that are used to store or share content or enable teams to communicate. Remember that you should not be using services that share or store data outside the EEA and that you should only use data where you have identified a valid lawful basis to do so.
3. Many businesses are starting to deliver their services digitally.
It is crucial that when you start sharing content digitally, you remember your long-term business goals. When sharing content through platforms you agree to abide by their terms and conditions. Often, this involves making your content available in ways that are contrary to your business goals. For example, a training company that decides to deliver its services digitally may lose its ability to control the IP in their courses, or a document sharing platform may invalidate any confidentiality for any documents shared through it.
4. Most cybersecurity breaches are still down to human error.
Many people will find themselves working from home for the first time. For some, this will be a stressful time. This, combined with increased isolation, meaning that people may be less able to ask colleagues for a second opinion, increases the risks that people will fall foul of cybersecurity scams, such as phishing exercises. Ensuring employees know to ask if in doubt is really important but consider also refreshing cybersecurity training.
5. In situations like this, your terms and conditions and brand protection come into their own.
Make sure that you understand your terms and conditions, especially provisions relating to force majeure, refunds, termination, cancellation or cessation of services and the provision of digital content (where relevant). Remember that the law offers consumers key protections and you need to respect those. Your terms should be clear and comprehendible to all and set out the ground rules for your business. Expect also for your brand to come in the firing line if consumers feel that your decisions are having a negative impact on them. Make sure your trademark registrations are up-to-date and you have a PR policy in place.
We will be continuing to share updates as the situation around COVID-19 evolves. You can find the contingency plans that we have put in place, along with further advice, here.View Article