A study has found widespread confusion that could cost UK businesses millions of pounds in non-compliance fines when the General Data Protection Regulation (GDPR) comes into effect on 25th May 2018.
Office products specialist Fellowes, which commissioned the survey of 1000 office workers, found that one in 14 employees (7%) believed their company was not aware of the new regulations, which aim to give citizens control over their personal data.
Almost half (44%) of respondents admitted they had seen printed confidential documents at work, whilst a third (32%) had accidentally seen private emails and documents on a colleague’s screen in the office.
A massive 20% of UK office workers (over 3.2 million*) also admitted to never shredding work documents, leaving them vulnerable to prying eyes.
The GDPR states that any company which processes or stores personal information relating to European citizens must comply with the stringent new rules on data privacy and storage. This covers any personal data kept on file, whether physical or digital.
Compliance is not only an in-office concern: 30% of people admitted to having viewed someone else’s laptop during their commute. Businesses must ensure that, even when working on the go, their employees prevent others from obtaining information about their customers and contacts.
The new regulations will protect consumers against companies that hold inaccurate and unneeded data about them, as well as ensuring greater emphasis is put on prominent and unambiguous customer consent with the ability to withdraw at any time.
Darryl Brunt, UK Sales and Marketing Director at Fellowes comments: “Despite the impending GDPR deadline, our research shows that many companies don’t appear to have systems and policies in place to protect sensitive information. If this data is then stored illegally – or falls into the wrong hands – the damage caused to the organisation could be irreparable.”
“It’s essential for businesses to have robust systems in place to protect personal and confidential documents – including the secure shredding of obsolete sensitive paperwork. British businesses that don’t comply with the new GDPR from May next year could face huge fines of up to £18m or more.”
What you need to know about confidential information:
1. If you don’t need personal data, or are holding more information than you need to about individuals, securely destroy any printed documents by shredding.
2. Ensure your business has a robust policy to deal with unneeded records, such as a compulsory requirement to delete expired digital documents.
3. The GDPR will give individuals more rights than the current Data Protection Act (DPA) to access the personal data a company holds about them. Companies must respond to such requests within one month.
4. Inaccuracy in personal information is one of the subjects covered by the GDPR, so if you know a record is inaccurate, either delete it or securely shred it to minimise the risk of further inaccuracies, mistakes or negative consequences for the person it relates to.