
Privacy implications arising from COVID-19

Iverna Mulliah, IT Auditor

20 May 2020

BDO GDPR during COVID-19

The COVID-19 pandemic has forced changes to the way businesses operate. Work-from-home has taken on a new dimension as more companies adapt to this new reality. To contain the spread of the virus, health authorities in Malta encouraged businesses to shift to remote working as much as possible. Technology has played, and will continue to play, a significant role in enabling a dispersed workforce to work seamlessly and remain connected. However, this transition has caused a number of challenges, including personal data security, for organisations that never had a remote work culture.


As a result, the data security risk profile of certain data processes within companies has changed. Companies should therefore have appropriate data security measures in place over personal data to mitigate the associated risks. For instance, a Data Processing Impact Assessment (DPIA) would ensure the effectiveness of the data security procedures and would help the organisation to identify and mitigate risks associated with remote working. It would also help the organisation to meet the General Data Protection Regulation (GDPR) requirements.


There could be various circumstances in which an organisation may become vulnerable to threats and data security gaps. A lack of data security awareness among employees could result in violations of the company’s policies and procedures regarding data processing, data storage and data transmission, through the use of unsecured private devices and networks. Therefore, it is the responsibility of companies to implement controls regarding data leakage, blurring of personal and business use of data, terminated employees and loss/theft of devices.


Furthermore, amid this situation, some organisations have had to implement bring-your-own-device (BYOD) measures to ensure business continuity. In these circumstances, though the organisation remains the owner of the personal data, the devices processing the data are not legally owned by the company. Therefore, it is the responsibility of these companies to educate their employees in recognising General Data Protection Regulation (GDPR) risk and to work with employees on ways to mitigate those data security risks.


BDO Malta is here to help.

BDO’s Technology Advisory team can support your business by helping you comply with GDPR.

For more information about data security & GDPR, contact BDO today.