Speak to an expert on GDPR and they would say that organisations wishing to reduce their risk of a potential fine under GDPR need to train staff.
Breaches will occur; that is inevitable. If a privacy regulator, such as the ICO in the UK, finds that a breach could have been avoided, or that the response to it would have been more effective, had staff been better prepared, then the fines are likely to be much higher.
Despite this, a poll of over 1000 UK workers released by Fellowes found that one in ten didn’t know who was responsible for GDPR at work. One in five (18%) thought it was their manager’s responsibility, another 10% believed it was up to office managers to monitor confidential data regulations, and 6% thought it was up to their board of directors to ensure that they were compliant with GDPR.
The study found:
- 17% of workers have never been given a concrete company policy on GDPR.
- 54% have seen personal or confidential data they shouldn’t have.
- 33% of workers admit they have left confidential or personal data unattended.
- 45% have sent a confidential email to the wrong person.
- 61% have received a confidential email meant for someone else. (Note the discrepancy: 45% admit to sending an email to the wrong person, yet 61% say they have received one.)
- 19% have left a USB pen lying around somewhere.
- 14% have left confidential documents in public places.
The data also reveals that many workers are more likely to be challenged about missing deadlines or being late (17%) than about whether they are compliant with GDPR.
Darryl Brunt, Country Head UK & Ireland at Fellowes, said: “One in ten workers don’t know who is responsible for GDPR within their business, and the truth is, protecting confidential data is everyone’s responsibility. It’s also troubling to see that almost one in five workers haven’t been given a concrete policy for handling GDPR. This has to change, or businesses will pay the price.”