Tag: #GDPR

10 Ways to Maintain GDPR Compliance on Your Business Website. #GDPR

GDPR can prove to be a minefield for unprepared businesses, so keep reading if you’re looking for some simple tips to remain GDPR compliant on your website…

Utter the letters GDPR (in the order, of course) and some business owners will instinctively shudder. In May 2018, data protection reforms were enforced, which meant that the General Data Protection Regulation was brought into effect, helping to protect the personal information of people whilst online.

The GDPR is widely considered to be the world’s strongest set of data protection rules, which places limitations on what organisations can do with the personal data they collect. Such data could include something as obvious as an individual’s name, or something more sensitive like their racial or ethnic origin.

In short, regulatory compliance is non-negotiable; failing to comply with GDPR simply isn’t an option for any business, no matter how big or small. Any breach, intentional or not, can result in a heavy fine, so how can businesses ensure to comply on their websites? Read on to find out…

10 Tips for Maintaining GDPR on Your Business Website?

1.) Understand the Law in Detail

First thing’s first, you’re going to need a comprehensive understanding of the law surrounding GDPR and what it can mean for your business. The best way of doing that is by hearing it straight from the horse’s mouth.

The government have published an extensive guide on GDPR, explaining every single legislation, with no stone left unturned. There’s no promising that it’s going to be a particularly compelling read. That said, it’s important that you review it and make sure you understand how it will apply to your businesses’ website. 

2.) Staff Training and Awareness

The people that will be responsible for maintaining GDPR compliance will be your employees. So, it’s a good idea to make sure that they are well trained and aware of their obligations when it comes to handling personal data.

Training doesn’t have to be as intense as reading the entire guide to GDPR word for word. However, you should make sure to stress to your employees the importance of making safety and privacy their top priorities.

3.) Conduct Regular Risk Assessments

Granted, risk assessments aren’t exactly thrilling, but nor is being hit with an avoidable fine. An effective risk assessment will help your business to identify if there are any potential threats to the way you’re storing and transferring data.

From here, you’ll have a clearer idea as to how you can beef up your security processes, ensuring that you remain within the parameters of GDPR.

4.) Audit Any Personal Data You Hold

The personal data that your website stores – where did it come from, where’s it going, how long will you hold it for? These are the sorts of questions you should be asking to ensure that you’re able to keep it secure.

Finding and recording answers to all of these questions can be made that much easier by carrying out an audit. From here, you can reduce the number of physical places that data is being stored in. This should help to establish a sustainable framework for keeping customers and clients’ information secure.

5.) Have a Policy Management System in Place

Staying on top of GDPR compliance isn’t always a simple task, especially when your business is using methods of communication such as email and corporate internet. So, to help counteract this potential stumbling block, your business should consider implementing policy management software.

This can help to streamline internal processes, as you’ll have a centralised solution for creating and distributing sensitive documents. This will make it much easier to keep track of compliance.

6.) Establish Procedures to Report Data Breaches

The GDPR requires that all organisations which experience data breaches that compromise personal data should notify the Information Commissioner’s Office (ICO). Failure to alert the ICO will lead to further fines – far from ideal.

So, to avoid this from happening, your business will need to have robust procedures in place that can quickly detect, report and investigate breaches. 

7.) Ensure all Endpoints are Fully Protected

To achieve full GDPR compliance, all of your endpoints should be fully protected. For those not already in the know, this is the practice of securing any potential entry points in user devices, such as laptops, from malicious attacks.

To demonstrate compliance, businesses are required to show that they have taken all the necessary steps to secure their systems. This includes evidence of updates, and patches being applied to security software.

8.) Update Your Privacy Policy

If your business collects personal data on its website, then you’ll need to make sure that you have an updated privacy policy that covers some essential ground. Privacy policies that are GDPR compliant cover a few essential pieces of information, such as:

 

  • Your identity
  • How information will be used
  • Your legal basis for processing data
  • Your data retention records

9.) Review How You Record Consent

If you rely on getting individual’s consent to process personal data, there are specific standards that must be met. 

This means that your business may feel it necessary to review the systems you have in place for recording consent, ensuring that you have an audit trail that can be presented if required.

10.) Appoint a Data Protection Officer

Organisations that employee more than 250 people, are a public authority, or are involved in the regular and systematic monitoring of data subjects on a large scale, should appoint a data protection officer.

Data protection officers can take proper responsibility for data protection compliance, as well as having the in-depth knowledge to do their job effectively.

Are You Trying to Make Sure Your Businesses’ Website Is GDPR Compliant?

So, there you have it! Follow these tips closely and you shouldn’t go too far wrong when it comes to staying GDPR compliant.

Have you got any more GDPR tips you think would be worth sharing? Feel free to leave a comment below with your own suggestions!

3/4s of Irish businesses say Ireland’s data protection is becoming increasingly “uncertain” #WorldDataProtectionDay

76% of Irish businesses have experienced growing uncertainty across the data protection spectrum over the last 12 months with no signs of this abating. This is according to a new survey  from the Association of Compliance Officers Ireland (ACOI) released today in the run up to World Data Protection Day (Jan 28th).

The survey of more than 250 organisations throughout the country – answered by ACOI members with responsibility for compliance in financial and other organisations, sought to assess views surrounding Ireland’s data protection landscape for 2021.

Respondents cited uncertainty as a result of Brexit (32%); an increase in remote working (26%) and the impact of the Schrems II ruling (23%) as the primary drivers behind heightened threats to data protection and mounting challenges for organisations in ensuring compliance.

Speaking of the findings, Michael Kavanagh, CEO of the ACOI,

These are turbulent times in the world of data protection and there is no doubt that businesses and other organisations throughout Ireland are struggling with a myriad of issues. It is perhaps unsurprising that Brexit is the forerunner in terms of what people see as the reason behind the growing uncertainty in DP, but what’s arguably more insightful is that more than ¼ of respondents say the growing prevalence of remote working is causing major issues and a similar number feel that the implications of the Schrems II ruling is adding to the ambiguity”.

The ACOI have set out key data protection areas for concern and action that they believe should be on the agenda of business entities throughout the country if they want to successfully navigate their way through 2021:

  1. The Schrems II ruling and international data transfers.

Mr. Kavanagh explained,

“Businesses will be watching closely to see the final outcome with regard to the European Commission’s recent public consultation on a draft revised set of standard contractual clauses (SCCs). SCCs are widely used by both SMEs and multinational firms to facilitate international transfers of data. Similarly, in our experience, industry views the proposed supplementary measures proposed by the European Data Protection Board (EDPB) as too onerous and unworkable.

  1. Brexit

The ACOI report that, while the Trade and Cooperation Agreement’s provision of 4 – 6 months ‘transition’ for UK-EU data transfers is welcomed, businesses must remain vigilant and watch closely to assess if an adequacy decision will take place within that timeframe.

  1. Guidance

According to the ACOI, more clarity and consistency on implementation of fines would be hugely beneficial to companies of all sizes across all industries, to enable these organisations and their Boards to adequately assess the risk and impact of potential fines and take appropriate action.

  1. The Basics

Mr. Kavanagh went on to advise,

“Businesses should continue to focus firstly on the basics. Having clear policies in place and developing a robust data protection culture throughout the whole organisation. Human error is often a key factor in data breaches, so ensuring that new and existing staff receive regular training on privacy best practice is key.”

The ACOI survey also revealed that, of the smaller cohort of survey respondents who believe the landscape is actually less uncertain that it was a year ago (24%) the increased clarity on Brexit (31%) and DPC Requirements and penalties (29%) and improved staff training were seen as the main reason for this.

F-Secure urges public to act now as UK sits on ticking time bomb of data fraud. #DataFraud #FSecure #DataPrivacyDay

Ahead of Data Privacy Day on 28 January 2021, cybersecurity experts F-Secure are calling for consumers to be more aware of where their data is as the UK faces major challenges with data fraud.

The plea comes following the news that credit card, identity and cyber-fraud is now the biggest type of crime within the UK, meaning that it is the most likely crime the public will fall victim to. In 2019-20 there were 3.7 million reported incidents according to the Crime Survey for England and Wales.

Tom Gaffney, principal security consultant at F-Secure comments: “The ongoing COVID-19 pandemic has seen an increase in internet usage, from shopping online to homeschooling and criminals are looking for ways to exploit the sharp rise of online resilience.

“Whilst F-Secure research found that 65% of internet users are worried or very worried about having their identity stolen, many consumers are still making obvious errors when it comes to their online activity. This is a serious issue and if criminals do get hold of our data they can do anything – from stealing our passwords, to accessing our critical accounts, to taking over our identities. It’s therefore really important that people start being more vigilant with their personal data so they don’t fall victim to crime.”

Here are four common mistakes that leave people vulnerable online and what they can do to increase their protection:

 Sharing isn’t always caring:

Streaming services have soared since the pandemic with many of us turning to TV in lieu of normal activities. But with this has come an increase in sharing platform logins.

F-Secure research last year found that 42% of Brits said they share streaming services with between one to three people, including those outside of their own household such as colleagues and former partners. Subsequently, 37% of people are getting their online content through a mix of their own subscriptions and using shared access through someone else’s account.

The danger here is that your password is in the hands of someone else who may not be following best practice when it comes to data security. So whilst it may seem like you’re doing a friend a favour, it may result in you being a victim of crime.

Password problem: 

F-Secure research found that 41% of respondents use the same password on multiple accounts, with 56% using the same password with only slight variations. With the average person having 18 password protected accounts, one leaked credential could quickly lead to multiple risks for each user.

It’s therefore vital to have strong, unique passwords across accounts to be protected. Regularly change these too and make use of software that securely saves them for you.

Living your life online:

There is no doubt we are all spending more time online since COVID-19. However, this can mean personal details are being shared more than ever, which can lead to clues about passwords. Kids’ names, birthdays, pets, anniversaries and addresses can all be common threads when it comes to passwords and sharing these online can lead to criminals accessing your accounts and data.

So, think twice about what you share and who to. As ever it’s always good to keep on top of your privacy settings on social media too.

Educating home learners:

With many of the UK’s children currently homeschooling, the use of online tools and resources have soared. Lessons are now carried out via Zoom or Google Classroom, and apps such as Reading Eggs and Numberbots have become great ways to educate at home. However, these accounts are often set up quickly by parents or by children themselves with little or no understanding of the importance of secure passwords and accounts. This creates dangerous territory for many.

Children are typically well educated on cyber bullying and other dangerous online activity but less so on fraud. Now is a great time to explain to children why keeping personal data secure is so crucial and how criminals can exploit these details if they’re not safeguarded.

Despite the very real threat of cyber-crime, many people still aren’t putting suitable measures in place to protect themselves. Creating and managing multiple strong and unique passwords is tricky, which is why F-Secure launched ID PROTECTION, helping users stay safe online while removing the hassle of juggling several passwords at once. ID Protection also continuously monitors and detects exposed personal information online, providing instant alerts and guidance on how to respond when there has been a breach or data leak.

Review – The Aegis 3NXC hardware-encrypted USB Flash Key. #Apricorn #Aegis #Tech #Security

The Aegis 3NXC is the most versatile hardware-encrypted USB on the market: it is compatible with PCs and Macs, as well as any operating system, including Windows, Mac, Linux, Android and Symbian. This provides an effective way of safeguarding data across today’s remote workforces, where employees are using a diverse range of business and personal devices to carry out their work. The device automatically encrypts all information as the user uploads it, with military-grade AES XTS hardware encryption.  

Last year we checked out their USB – A 3NX Flash Drive and Fortress L3 padlock and to date both have kept me safe and sound along with my data which is the topic of the day lately and everyone needs to buckle up now when it comes to storing or being in control of data.

 

 

The New Aegis 3NXC is a more current offering as more devices now move to USB-C there is little out there when it comes to security measures,here in Ireland we have no many laptops with USB-C but here is where this key gets more interesting, You mobile phone is one as most phones today are USC and not only this portable devices in particular so now it is easy to move data from your phone or tablet onto the key and your data is then safe and kept that way, None of my laptops have a USB-C port but this also works with an adapter from USB A- TO C , A workaround for products connecting to my current set up but none the less it works and future proofs upcoming tech peripherals using USB-C.

For use on mobile is great though you can also use other devices that have USB-C ports and with a screen to watch what is going on, For those on the go this is an idea product especially in my capacity with the amount of files and videos I would take on my smartphone on a daily basis it is a simple job to swap them over onto the flash drive and it is all kept safe.

Features

 

  • No software – so there’s nothing to keylog or to hack. 
  • OS agnostic – the device is completely cross platform compatible. 
  • Onboard keypad – all authentication takes place within the device itself. 
  • All data, passwords and encryption keys are 256-bit encrypted at rest. 
  • No host computer is involved in setup, authentication or encryption. 
  • Forced enrollment – no default PINs ensures that data is not put at risk by employees who fail to change a factory set PIN before deployment. 
  • IP-68 validation against water and dust damage. 
  • Separate administrator and user access. 
  • Read-only options that can be enforced by the administrator or set by the user if allowed by policy. 
  • Highly configurable with policy such as time out values, Data recovery PINs, and programmable PIN lengths. 
  • Brute force PIN attack protection. 
  • Ability to automatically configure multiple devices remotely using Apricorn’s Aegis Configurator tool. 

BUY HERE 

 

 

Irish Businesses Facing Penalties as Data Protection Commission’s October 5th Deadline Lands

Businesses all over the country were scrambling last week to make the necessary adjustments to their websites as the Oct 5th deadline for online cookie compliance[1] fast approached. But by today businesses will be expected to have complied, and it’s unlikely that the many businesses that didn’t devote the necessary resources to this project will have gotten there on time. However, this should not dissuade them from taking action now, as there are significant penalties for non-compliance under GDPR legislation. This is the advice of the ACOI (Association of Compliance Officers Ireland) who say that implementation of the Data Protection Commission’s (DPC) guidance has significant implications for Irish businesses, particularly those SMEs whose resources may be already fully focused on surviving Covid and preparing for Brexit.

Michael Kavanagh, CEO of the ACOI explained,

The ending of the grace period for implementing the DPC’s guidance on cookies and tracking technologies (See Appendix) is today October 5th, and anecdotal evidence has suggested that for many organisations, this has been overlooked, with energy, time and resources being placed instead on responding to COVID and Brexit. But it hasn’t gone away – and even though the business environment has never been more challenging, compliance is expected and will be enforced. With GDPR, the DPC has the power to impose significant sanctions on businesses that don’t comply, for example, if it was proven that a business did not gain affirmative consent from consumers using the site, then then they could potentially be fined a percentage of their turnover”.

In late 2019, the DPC carried out a cookie sweep of thirty-eight organizations, with a view to understanding current levels of compliance in Ireland[2]. The ACOI say this exercise raised significant issues across a range of areas. Some of the issues highlighted included websites setting cookies immediately on the landing page, in many cases for non-necessary cookies. Others misclassified cookies as necessary or strictly necessary, while consent was found to be bundled in many cases. In April 2020, the DPC then issued a guidance note which is intended to ensure greater levels of adherence across Irish organisations, and businesses were given 6 months to bring their sites in line with these new practices.

Mr. Kavanagh went on to comment,

The implications for Irish businesses are considerable and extend beyond meeting the DPC’s list of requirements. For marketing and sales teams, the need to receive consent before deploying analytics cookies will effectively set a new baseline for their website metrics. A significant number of users are unlikely to opt-in, making it difficult to accurately compare year-on-year performance across the site. Customer service departments relying on website chatbots to deal with consumer queries must assess how to cater to customers who choose not to opt-in to this function. Many companies will need to implement a consent management platform (CMP) if one is not already in place. It will not be feasible to manually oversee aspects such as the requirement to reaffirm consent every six-months. Lastly, any firms still relying on pre-ticked forms of consent must amend their practices soonest. Compliance professionals will need to consult widely across the business to ensure key departments and stakeholders are aware of the upcoming changes, and to minimise the potential impact on day-to-day operations”.

The ACOI advise that all businesses should give high priority to this issue for the remainder of the year.

Appendix – Key Considerations from the DPCs Guidance Notes

  1. Organisations must obtain consent to store or set cookies.
  2. The rules apply even where cookies do not store personal data. ePrivacy focuses on the confidentiality of all electronic communications. If personal data is stored, the additional requirements of GDPR apply.
  3. Consent must meet GDPR standards, being freely given, specific, informed and unambiguous. It must be as easy for a user to withdraw consent as it was to provide it in the first place.
  4. Pre-ticked boxes and bundled consent, where approval is sought for a range of processing activities, are not allowed.
  5. Continuing to use a website or scrolling through a landing page do not imply consent. It must be an affirmative action by the consumer such as ticking a box.
  6. Default settings on a browser do not constitute affirmative consent.
  7. Analytics cookies require consent. However, the guidance states it is unlikely first-party analytics will be considered a priority for enforcement action.
  8. Consent must be reaffirmed every six months. It is worth noting a similar view has been taken by the French supervisory authority.
  9. Businesses must have clear retention periods for each cookie. Retaining cookie data indefinitely does not meet the GDPR’s requirement for proportionality.
  10. The guidelines do not recommend a particular method for obtaining consent. They recognise that website cookie banners are a typical way of achieving this objective.
  11. Companies should avoid using language or interfaces that nudge the user to accept cookies.
  12. The Commission recommends having both a cookie policy and a privacy policy, as these meet the requirements of ePrivacy and GDPR respectively.
  13. The guidelines apply to other tracking technologies as well as cookies. For example, pixel trackers, like buttons and social sharing tools.
  14. Companies must be aware of any data shared with third parties, for example through social tools, and put in place data processing agreements where necessary.
  15. Finally, every effort should be made to present cookie banner information in a clear and accessible manner.

Review – The Secure Drive KP Hardware Encrypted External Portable Drive. #Tech #Security

In a day when GDPR is an important issue and can land you in big trouble if you leak data you need to be kept secure and what a better way to begin in a personal or corporate capacity with having the latest tech at hand to insure data is controlled and kept safe. Secure Drive offer a range of products and multiple storage levels and price points to do so and again this is portable can fit in your pocket or tech bag and so on.

We have reviewed several of the products from the company and still use them today to protect data and for someone on the move like me given no so much of late with the pandemic I have my files and data in order and have them kept safe and these products will do so and certainly worth a look.

The Secure Drive KP portable drive is another offering from the business which has a keypad rather than bluetooth like the 1TB SSD we reviewed recently this is more James Bond looking than the KP version yet as secure and people do ask what the item is and some have not even realised such tech has existed from my findings going around to meetings and so on.

This offers the following below..

Benefits and Differentiators

  • FIPS 140-2 Level 3 Validated: Certificate #3297
  • Award Winning: Red Dot 2019 Award Winner
  • OS/Host Independent. Works with any device with a powered USB port
  • Hardware Encryption – AES256-bit XTS
  • Interior Parts Covered in Epoxy – No intact media removal for hackers
  • User Authentication via On-board Alphanumeric Keypad (7-15 Digit PIN)
  • Brute Force Anti Hacking Protection – Safe Delete/Wipe of All Data/Keys
  • Admin/User Mode, Read-Only Mode, Auto-Lock
  • Preloaded with DriveSecurity® ESET Antivirus (1 Year License Included)
  • Slim: 12.5mm (HDD – 1TB,2TB), (SSD – 256GB-8TB)
  • Standard: 20.5MM (up to 5TB HDD)
  • 2 Year Limited Warranty (HDD Model)
  • 3 Year Limited Warranty (SSD Model)

This is easy to set up and maintain with no additional software required either which is a bonus,check out the video below on how it works and check out the variants and prices on offer and keep your data in a safe place and do not fall into trouble with the DPC (Ireland) given they are all talk and no action to date. Some of these drives will cost you money up front however in the current times we live in and when data needs to kept secure now is the time to prepare and be ready rather than wait for a problem to arise and the suite of products on offer from Secure Drive will certainly keep you and your data safe and your peace of mind.

Also check out the SECURE DRIVE USB KEY REVIEW

and the Bluetooth USB Key

BUY HERE

Review – The SecureData Bluetooth 16GB Secure USB. #Tech #SecureData

The SecureData 16GB Secure USB is a Hardware Encrypted USB Flash Drive built with strong and sturdy from a physical side to been Encrypted.   The flash drive looks like an ordinary flash drive but is configured via mobile to allow access once plugged into a Laptop. The flash drive also comes with preinstalled Malware Protection as little point backing up corrupted files.  This model is available in 16GB, 32GB, 64 GB and 128 GB, big enough for data in terms of computer backup files, etc. Recently from the company we checked out the secure drive USB key and secure drive ssd drive 

 

Features:

  •         IP57 Certified: Dust and Waterproof (up to 1m)
  •         OS/Host Independent. Works with any device with a powered USB port
  •         Interior Parts Covered in Epoxy – No intact media removal for hackers
  •         Hardware Encryption – AES256-bit XTS
  •         User Authentication w/ Secure Wireless Mobile App w/ Encrypted BT (iOS/Android)
  •         Remote Wipe, 2 Factor Authentication, FaceID/Touch ID Authentication, Password Retrieval
  •         Admin/User Mode, Read-Only Mode, Time Out Auto-Lock
  •         Remote Management Ready – Learn More
  •         Preloaded with DriveSecurity® ESET Antivirus (1 Year License Included)
  •         3 Year Limited Warranty
  •         4GB, 8GB, 16GB, 32GB, 64GB and 128GB options

 

 

 

Setup:

The setup is standard, Scan the QR code from the Quickstart guide, install, (Write down the 8 digit code on the silver part of the USB flash drive). Plugin the USB drive and follow the instructions on screen. 

Once installed using the 8 digit code (written down) and the default code is given in the quick start guide the drive is set up. It is recommended to change the default code via the app, and ensure this new code is kept safe away from the actual flash drive. When setting up full access to the 16Gb data is available on the Flash drive with the option to run the antivirus software stored on the drive.

 

 

Note The option to remote wipe if the flash drive is lost or stolen.

 

Conclusion:

Good practice of backing up personal data is important for individuals but for any business, this is critical whether documents, contacts, contracts, correspondence, accounts, and so on. The loss of data can compromise a company leading to lost profit, damage to reputation, and recovery costs. The dilemma is then how to backup, leaving on site opens the opportunity to fire or flood where all the data is lost or stolen. Removing the data off-site is good practice but the potential of loss or theft of the data has many implications and fines through GDPR if in the wrong hands.  The SecureData 16GB Secure USB device is an ideal option with the data encrypted to a high standard with various levels of security to ensure the data is not compromised if lost.

The use of the device would require careful monitoring if given to an employee, as should the employee leave not on the best of terms the pin code may not be provided.  There is No backdoor if the PIN is forgotten the data is permanently erased after 10 consecutive incorrect PIN entry attempts. This is ideal if lost or stolen whereas a challenge if lost by a staff member.

Following on from software “First, if you didn’t go looking for it, don’t install it. Second, if you installed it, update it. Third, if you no longer need it, get rid of it!” and finally if you need it Back it up,  The SecureData 16GB Secure USB is Military Grade AES256 bit encryption which should the worst happen you are covered.

 

https://www.amazon.co.uk/SecureData-SecureUSB-Hardware-Encrypted-Compliant/dp/B07LFNY1CP €105

87% willing to share their personal data to solve COVID-19. #GDPR #COVID-19

New research indicates a massive 87% of Irish people would be willing to share their personal data and medical records if it helped to solve a global pandemic like COVID-19. While 84% believe technology will ultimately help to beat the outbreak. This has been a recent topic of discussion on social media and forums due to GDPR and it is good to see people have some sense around this crisis we are now under for god knows how long.

The research was commissioned by the Irish Computer Society as part of currently ongoing Tech Week 2020, which aims to provide new and creative ways to help students engage with technology and provide them with hands-on opportunities to learn about how computing and related technology are reshaping every area of life.

Undertaken for the Irish Computer Society by iReach, the research surveyed 1000 people across Ireland in a range of age groups, providing insights into perceptions of COVID-19, technology, privacy, working, and social media. It found that:

  • 87% would be willing to share their personal data and medical records if it helped solve a global pandemic like COVID-19. This number rises to 93% in the 18-24 and 55+ cohorts.
  • 60% (71% of the 55+ cohort) would be open to an implantable device/chip if it made medical conditions easier to manage and enhanced day-to-day life.
  • 84% think technology can help to beat the Coronavirus outbreak. This increases to 92% in the 18-24 cohort and 90% in males.
  • 83% think technology will change the way we work after the COVID-19 crisis.
  • 78% don’t trust social media in spreading awareness about COVID-19 prevention. (55% in the 18-24 cohort do not trust social media for this purpose).

Jim Friars, CEO of the Irish Computer Society said: “Researchers, businesses and innovators around the world are putting technology to work to alleviate the effects of the global health crisis. From applications that collect data to track the spread of the virus to 3D printed ventilators for hospitals, it is no wonder that 84% think technology can help to beat the Coronavirus outbreak.

“Our survey further suggests that there is also a considerable cohort, 60% who would be open to an implantable device/chip if it made medical conditions easier to manage and enhanced day-to-day life. This figure rises to 71% in the over 55’s age cohort.”

“Efforts to contain the spread of Coronavirus have also reached new levels. As the pandemic spreads further, it has become clear that personal data will play an essential role in understanding the virus and ultimately containing it. Our survey indicates that the vast majority of people are happy for medical researchers, practitioners, and public health officials to collect and analyse their personal data in a bid to better track the virus, learn more about how it spreads, and predict its movements.”

“One of the most common tools being employed around the world has been the gathering of location data using smartphones and data from mobile networks. Our phones track our steps and many people have wearable devices that can collect statistics on our vitals and lifestyle. Potentially, this data could now be used to track and accelerate a cure for COVID-19.”

“With this data available intelligent machine learning algorithms could identify trends that human experts can miss, then raise insights and recommendations for professionals to review and validate. The process could ultimately speed up detection in the case of COVID-19.”

“Governments around the world are already using technology to track the coronavirus outbreak as they race to stem its spread. China, Singapore and South Korea are using a combination of location data, video camera footage and credit card information, to track COVID-19 in their countries. There are also proposals to introduce track and trace technology here by way of an opt-in mobile phone app that will allow people to be notified if they were in close proximity to confirmed cases.

“However, while this presents many opportunities, it also raises important questions on data ownership, access and privacy. Concerns have already been raised by privacy activists about the use of temporary ‘symptom tracker’ applications used in the fight against the outbreak. Any personal data collected should be protected to the maximum extent of the law, anonymised as much as possible and disclosed only to health authorities, and not under any circumstances shared with other authorities without explicit consent.”