The global economic outlook and course of business has changed dramatically and unpredictably, forcing people and businesses to adapt in a matter of days, weeks, or months. Anyone who has been unable or unable to adapt depending on the industry or market in which they operate is already or will inevitably be doomed to failure.

The clear answer to this new framework that forces us to be socially distant and forced to adopt remote mode is clearly technology. And with the increasing reliance on technology, accentuated in a transversal way with the pandemic crisis, the tension between the increasing use of data (many of which are personal and others considered sensitive) and the restrictions it imposes on its treatment and dissemination present us with all challenges of the first order.

The conveyance of conflicting interests and rights such as the right to privacy or freedom of movement as well as the protection of the right to health or social status will take place differently in each country. These are obligations that are difficult to make but which may have a different rating than what is structurally believed to be most appropriate.

In the various sectors and economic activities, too, regulators have taken different approaches to counter this crisis. In particular, data protection and privacy regulators have tried to compromise a number of principles previously seen as essential to address the need to respond to the health crisis and not to be viewed as obstacles to action to protect public health. The role perceived and played by Europe’s most consolidated independent regulators has been to act in the public interest and adjust their approach to ensure that it remains pragmatic and proportionate. However, it is important to know that we live in extraordinary times and that this enjoyment has numbered its days and is not unlimited.

On the other hand, it is becoming even more important for many companies that today rely on technology to pursue their goals and purposes to ensure compliance with processes and systems that are supposed to protect the privacy and personal data of their employees. , Customers or other stakeholders. This applies, for example, to the education sector, the health sector or the financial sector, to name just a few. Reputation and trust are essential for those who carry out their activities primarily or with a particular focus on the digital environment and for those who handle personal data and have a particular repetition in activities involving the processing of sensitive data.

As a result, IT departments face entirely new and additional challenges as most or all of the employees in many companies have been sent home to work remotely. These departments must therefore ensure the security of their systems, software and data outside the company network and at the same time meet the requirements of the General Data Protection Regulation (GDPR) with regard to protection against possible cyber attacks. Today, in many cases, corporate employees use single calls to connect to corporate networks while IT departments try to ensure the rapid and unplanned expansion of support infrastructures. The controls and processes are weakened and cyber risks and threats lurk.

The National Cybersecurity Center has already warned of the exponential increase in cyber attacks. Since the beginning of the pandemic, numerous information and awareness campaigns have been carried out for companies and individuals, for example the phishing campaign (by email, SMS or via social networks), the spread of digital platforms or applications for mobile devices infecting their devices with malware, including types of ransomware, digital scams, spread through electronic messages or on social networks, including illegitimate SMS.

In this context, the GDPR, which has been in force for more than two years but was passed with the Portuguese Enforcement Act a little over a year ago, has gained relevance and has a real impact on the daily lives of people and organizations.

Not only do business owners and managers need to comply with a legal obligation and fear the (heavy) fines forecast for non-compliance, they also need to consider the benefits and value of investing in data security and privacy and understand how that investment can work for your organization . Building a well-engineered information security and robust data protection program can improve the professionalism of a company’s employees and raise their public image.

In this quest to ensure privacy and data protection, there are two equally important, equally exposed, and equally indispensable battlefields – technology and people.

In the field of technology, data protection plays an additional role in protecting against cybercrime. Compliance with the GDPR means that the purposes for collecting personal data are precisely defined (cleansing of personal data), sensitive information is protected and software is used that removes outdated information.

Article 32 of the GDPR, which deals with security requirements, requires that public and private companies and organizations increasingly have to be structured and formalized in the way personal data is organized, including well-defined purposes for collection, transparency, Data minimization and support for the rights of data subjects.

Here we enter the human field. Given that most data breaches result from human error, training, information, and awareness of human resources is the cornerstone of the entire GDPR compliance process.

For this reason, it is important to structure processes in companies that ensure maximum efficiency when applying internal data protection guidelines. A comprehensive awareness and training program must be ensured so that a company’s employees can manage personal data on a daily basis. The combination of data protection and cybersecurity has become a best practice.

Cybersecurity is no longer an exclusive IT problem and has become a major concern for company management. In addition to the significant increase in investment to combat cybercrime, there is also a trend towards increasing the time and resources devoted to this issue.

Respecting privacy and data protection with well-structured practices and a team focused on this vision can bring direct benefits in new revenue opportunities or in reducing storage and opportunity costs (always with localized and updated information). Above all, however, it has an impact on the intrinsic value of the organization, its reputation and its credibility.

Working systematically and professionally in data protection means understanding the risks and directing efforts and investments into the right areas. The organizations that do this receive dividends in other areas of the business, such as: B. Risk management and corporate responsibility, data control operations and relationships with customers, employees and stakeholders.

Companies that equip themselves with more robust and integrated tools and capabilities for cybersecurity will have a competitive and differentiating factor here in the medium to long term that sets them apart from their competitors. Most importantly, a strong commitment to cybersecurity enables organizations to be empowered and better prepared for future large-scale disruptions and the reality of the new normal that will stay here.