Many of us will remember 2018 as the year that the General Data Protection Regulations (GDPR) were implemented, replacing the twenty year old Data Protection Act and introducing new obligations on organisations that process personal data. However, a survey carried out at the end of the year suggests that the importance of protecting personal data is not a message that has reached all workers and this is putting employers at risk.
According to the survey, carried out by probrand.co.uk, 64% of those employees taking part admitted to already having breached GDPR by forwarding emails, containing personal data, to their own personal email accounts. In addition, out of those that held their hands up to this, 84% did not think they had done anything wrong because there was nothing malicious in their actions. However, this is unlikely to provide a defence to an allegation that GDPR has been breached.
Steps To Reduce Employees Breaching GDPR
As we reported in our blog about the case of Wm Morrison Supermarkets Plc v Various Claimants last month, it is possible for Employers to be found to be liable for data protection breaches carried out by those that work for them even where they don’t know they are happening. The findings of this survey suggest that workers represent a potential weak link in an organisations data protection procedures, but what steps can be taken to reduce the risks?
Staff Training
Of course it is important for directors and high level managers to be aware of the requirements of GDPR but they are unlikely to oversee all of the information that comes in and out of a business on a day to day basis. Make sure that all staff, including new starters, are aware of the risks, your procedures and know what to do if they identify a data protection breach.
Update policies, publicise and enforce them
Last May, employers were being advised to put in place GDPR compliant staff polices but this is only part of the story. Once you have a policy in place this should be regularly reviewed to ensure it is still fit for purpose, it should be kept easily accessible to staff and, if there are failures to comply with it, appropriate steps should be taken to address these.
Review working from home practices
According to the survey, many of the breaches admitted to by workers were as a result of emailing work to their personal email address so that they could continue to work from home. Review whether it is necessary for workers to take work to complete at home at all. Could there be something preventing them from getting the work done in their contracted hours? For those who do need to work from home, are there improvements that can be made? For example does your IT system allow for secure remote access which would remove the need for anything to be emailed to personal email addresses?
How Can Nelsons Help?
Laura Evans
is specialist Employment Solicitor at Nelsons.
For further information or to comment on this article, please contact our employment law specialists on 0800 024 1976 or via our online form.