Compliance couldn’t keep pace with COVID-19

The speed at which many workers moved to sustained home-working meant that not all the processes and procedures needed to maintain corporate standards could realistically be met.

Some staff took company equipment home, while others were forced to make use of their personal devices to do their work. Others had company equipment eventually delivered to their home, while other organizations did their best to revise and adapt their processes to reflect the new operational reality.

Three steps in getting back to BAU

The successful return to BAU under CCPA/GDPR will require companies to audit the formal and informal processes people have used through the pandemic so that data use and data security can be fully assured. This will require some detective work, but planned correctly, this can be done in a systematic and thorough way:

1. This first step will be to consolidate and review the policy changes made by HR, IT and others prior to having staff working from home. This will provide a baseline of the changes that have been authorised.
2. The second step will be to engage with staff and survey them to understand, in detail, exactly how they worked from home, which equipment they used, its level of security, the timescales involved, and whether there were any issues. In the majority of cases, there will be nothing that raises concerns, but triaging the issues that do emerge will help address any issues quickly and successfully.
3. The third step is to address how data is used in the classic workaround toolset – the Excel spreadsheet. The power, flexibility and ubiquity of spreadsheets means that they are often used to help glue disparate processes together. The pressure to continue working as close to normal as possible will have accelerated their use still further during the crisis. It will be essential to understand quickly which spreadsheets have been used in critical business processes, and what changes have been made and by whom.

Taking these three steps will provide organizations with a data management framework that will accelerate the return to BAU, while supporting compliance with CCPA/GDPR. With the “return to normal” being so varied and unpredictable across the world, there is ample scope to start implementing these frameworks now.

This will provide risk and compliance managers with a detailed picture of how people are managing core business processes, outside of the normal corporate IT environment. This will help inform and enhance the detailed recovery planning that many organizations now have in place.