Regulations have remained in force
However organizations have reacted, there has been widespread suspension of corporate policy standards to maintain business services in very challenging circumstances. At the same time, external standards have not been relaxed, and this situation represents a key challenge for organizations attempting to restore business-as-usual.
Three steps in getting back to BAU
The successful return to BAU under CCPA/GDPR will require companies to audit the formal and informal processes people have used through the pandemic so that data use and data security can be fully assured. This will require some detective work, but planned correctly, this can be done in a systematic and thorough way:
- This first step will be to consolidate and review the policy changes made by HR, IT and others prior to having staff working from home. This will provide a baseline of the changes that have been authorised.
- The second step will be to engage with staff and survey them to understand, in detail, exactly how they worked from home, which equipment they used, its level of security, the timescales involved, and whether there were any issues. In the majority of cases, there will be nothing that raises concerns, but triaging the issues that do emerge will help address any issues quickly and successfully.
- The third step is to address how data is used in the classic workaround toolset – the Excel spreadsheet. The power, flexibility and ubiquity of spreadsheets means that they are often used to help glue disparate processes together. The pressure to continue working as close to normal as possible will have accelerated their use still further during the crisis. It will be essential to understand quickly which spreadsheets have been used in critical business processes, and what changes have been made and by whom.
Taking these three steps will provide organizations with a data management framework that will accelerate the return to BAU, while supporting compliance with CCPA/GDPR. With the “return to normal” being so varied and unpredictable across the world, there is ample scope to start implementing these frameworks now.