The ICO's recently-released survey measuring the British population's confidence in how their personal data is being managed captures public opinion at a unique moment in history. The pandemic has driven people to spend much of their lives online-communications regulator Ofcom found that during the outbreak's April peak, UK users spent more time on the Internet than ever before. Efforts to track and trace people with the coronavirus, from contact-tracing apps to requirements that pubs maintain a record of customers' visits, have ensnared consumers and businesses alike in a "privacy minefield".

High stakes

The ICO's survey highlighted how concerned consumers are about their personal information-a mere 27% of people polled had high trust in how organisations store and use their personal data. This has real implications for firms-the survey found that people are increasingly likely to choose service providers based on how they protect their data, and some 73% of respondents said that they would hold companies responsible for data breaches involving their personal information.

Failing to sufficiently protect consumers' personal data also entails steep financial consequences. While the pandemic has put the ICO's operations on pause, the data protection watchdog has already announced its intention to fine British Airways a whopping £183 million after 500,000 customers' financial information was compromised, while Marriott is on the hook for £99 million over a data breach. Across the Channel, the EU has already reaped €114 million in fines since the flagship General Data Protection Regulation (GDPR) came into force in May 2018, most notably a €50 million penalty which the French regulator slapped on Google.

Compliance no easy task

The punishing fine for Google came after the tech giant insisted that it had spent "hundreds of years of human time" trying to bring its operations in line with the GDPR. Indeed, though firms have expended huge amounts of cash and manpower to comply with the GDPR and other similar data privacy regulations-the Global 500 firms have forked over an estimated $7.8 billion to adhere to the GDPR, and yet a Bloomberg survey of organisations across sectors found that only 44% of respondents rated their firm as fully compliant with the privacy regulation.

Indeed, many companies are still relying on temporary solutions while trying to devise more permanent processes to keep up with the latest data privacy regulations. Firms are particularly struggling to implement systems allowing them to quickly pull together what's often an overwhelming amount of data from disparate sources to respond to requests from clients or regulators.

Creative solutions from the startup sphere 

Unsurprisingly, tech innovators have stepped in to offer bespoke solutions to alleviate the increasing burden of complying with privacy legislation. Tech startup Manetu, for example, recently rolled out its Consumer Privacy Platform (CPM). Manetu CPM, which has already signed up some 250,000 users since its kick-off a few months ago, is a cloud-based platform which does the heavy lifting of bringing together all personal data held by a company into a single encrypted privacy vault.

The software-as-a-service (SaaS) scheme deploys advanced machine-learning algorithms to comb through stored data, including through common enterprise tools such as SalesForce, and Outlook, in order to pull together all personally identifiable information that a firm has in its possession. The Manetu CPM then organises and classifies this data and uploads an encrypted copy of the information to its Privacy Master Portal.

Manetu itself cannot access the data managed by its platform-but customers whose identity is verified through biometric security can easily use the portal to view and make changes to their personal data. Clients can also use the platform to provide or revoke consent, permissions which are then automatically transmitted back to the company storing their data.

Perhaps most importantly, Manetu's automated system uses distributed ledger technology to generate an immutable log of the permissions that consumers have granted or withdrawn. This register, in turn, provides businesses with valuable evidence to hand to regulators in order to prove their compliance with privacy legislation.

Pandemic presents fresh challenges

While cutting-edge technological solutions such as Manetu's CPM promise to ease the burden of complying with data privacy regulations, the rapid shift to remote working ushered in by the pandemic is creating new areas of concern. In the UK, for example, while the government has been carrying out a concerted campaign to convince people to return to the office, some 9 out of 10 people have indicated that they want to continue working from home.

This quick uptake of remote working has sparked new data privacy concerns, as employees are increasingly managing sensitive information from their personal devices. Firms are starting from a disadvantage-in a survey last year, 44% of remote employees admitted that they never encrypted data and 76% confessed that they had accessed work files with unprotected devices; another recent poll confirmed that 48% of employees are less likely to follow safe data practices while working remotely. Technological tools can again mitigate the risks associated with the new normal of working-from software to encrypt the hard drive of any device employees are using to access work data to corporate VPNs to secure file transfers.

Technological tools could also alleviate one of the biggest challenges facing the UK hospitality industry-how to collect the personal information needed for tracking and tracing coronavirus contacts without running into privacy pitfalls. As cybersecurity experts have warned, many businesses will use basic spreadsheets and cloud platforms for simplicity, risking an explosion of data breaches. While hard-hit pubs and restaurants may be unable to invest in high-tech data collection infrastructure, relatively inexpensive tools that cryptographically pseudonymise guest registers could ensure that customers' personal data isn't recognisable if data repositories are hacked.

Even before the pandemic, companies were facing increasing pressure to better protect customer data in order to fall in line with privacy regulations and clients' expectations. The pandemic, thanks to remote working and track-and-trace schemes, has significantly accelerated this trend, making the technological solutions available to firms infinitely more valuable.