Home » Topics » Governance, Risk and Compliance » Almost 20% of workers still haven’t been given company GDPR policy

Almost 20% of workers still haven’t been given company GDPR policy

Avatar photoby Michael Baxter

Speak to an expert on GDPR and they would say that organisations wishing to reduce their risk of a potential fine under GDPR need to train staff.

Breaches will occur, that is inevitable. If a privacy regulator, such as the ICO in the UK, finds that the breach could have been avoided, or the response to the breach would have been more effective, if staff had been better prepared, then the fines are likely to be much higher.

A developer’s guide to surviving the impending General Data Protection Regulation

Tips for surviving the biggest data protection shake-up in decades

Despite this, a poll of over 1000 UK workers released by Fellowes found that one in ten didn’t know who was responsible for GDPR at work. One in five (18%) thought it was their manager’s responsibility and another 10% believe it is up to office managers to monitor confidential data regulations and 6% thought it was up to their board of directors to ensure that they were compliant with GDPR.

>See also: Still not GDPR compliant? It’s time to get a move on

The study found:

  • 17% of workers have never been given a concrete company policy on GDPR.
  • 54% have seen personal or confidential data they shouldn’t have.
  • 33% of workers admit they have left confidential or personal data unattended
  • 45% have sent a confidential email to the wrong person.
  • 61% have received an incorrect email from the wrong person. (Note that discrepancy, 45% admit to sending email to the wrong person, 61% have received the wrong email.)
  • 19% have left a USB pen lying around somewhere.
  • 14% have left confidential documents in public places.

The data also reveals that many are more likely to be challenged about missing deadlines and being late (17%) than ensuring that they are compliant with GDPR.

Darryl Brunt, Country Head UK & Ireland at Fellowes, said: “One in ten workers don’t know who is responsible for GDPR within their business, and the truth is, protecting confidential data is everyone’s responsibility. It’s also troubling to see that almost one in five workers haven’t been given a concrete policy for handling GDPR. This has to change, or businesses will pay the price.”

>See also: A CTO guide: The main challenges of cyber security

Avatar photo

Michael Baxter

.Michael Baxter is a tech, economic and investment journalist. He has written four books, including iDisrupted and Living in the age of the jerk. He is the editor of Techopian.com and the host of the ESG...

Related Topics

GDPR

Related Stories

Governance, Risk and Compliance

Two ways to improve GDPR enforcement

Martin Davies of Drata explains how GDPR is currently enforced and how enforcement could be improved across the European Union

Governance, Risk and Compliance

Four in five IT leaders concerned about data compliance

Cloudera research reveals that 79 per cent of IT leaders see compliance as the main data management concern, despite widespread investment

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Governance, Risk and Compliance

What unbundling Microsoft Teams will mean for EU customers

In the midst of an EU antitrust investigation, Microsoft Teams is now set to be offered to businesses separately from its Office suite