64% of UK workers risk GDPR penalties
21 Dec 2018
A survey of UK workers reveals that a majority have forwarded a customer email to their personal account, violating the EU’s General Data Protection Regulation (GDPR) and potentially incurring large fines for their employer
21 Dec 2018
According to a survey of 1,002 UK workers in full or part-time employment, 64% admitted to having forwarded a customer email to their personal account in the four months 25 May 2018, when GDPR came into force.
The survey also found that 84% of the workers who admitted to forwarding customer emails to their personal accounts did not feel they were doing anything wrong as there was no malicious intent behind their actions.
GDPR includes a number of different requirements for the storage and sharing of data, including requiring that business develop safeguards to protect data, must clearly disclose any data collection, and make sure that data is not available publicly without informed consent.
Organizations in breach of GDPR can be fined up to 4% of their annual global turnover or €20m (£18m), whichever is greater. This is the maximum fine that can be imposed for the most serious infringements, such as not having sufficient customer consent to process data.
The survey was conducted by IT marketplace Probrand. The company conducted research earlier in the year and found that more than half (55%) of all UK based businesses were breaching GDPR laws by not having an official process for disposing of obsolete IT equipment.
Matt Royle, marketing director at Probrand, said: ‘What may seem like an innocent and even helpful action of workers trying to catch up on work out of hours is actually a clear breach of GDPR laws.
‘This is because the worker in question will have unwittingly forwarded sensitive personal customer information or their own employer’s intellectual property to a third party outside of the corporate network.
‘It is clear from these findings that businesses need to do more to educate their employees on the laws surrounding GDPR and data protection. Seemingly innocent actions could have substantial repercussions.
‘A GDPR breach can result in fines that potentially run into the millions - this financial impact along with the knock-on effects this can have for businesses, including reputational damage, the loss of customer loyalty and trust, can be hugely damaging for companies in the long term.’
Report by James Bunney