UK businesses admit to GDPR confusion

This week sees the launch of Fellowes three-month data protection campaign to help drive sales of the world’s toughest shredders and PrivaScreen blackout privacy filters.
The theme this year is ‘Keep It Confidential’ which focuses on protecting sensitive information in accordance with GDPR coming into effect next year. Fellowes commissioned research ahead of the campaign to gain better insights of how British companies and their workers are preparing for the changes in data protection law.
The research has revealed that almost half (46.8%) of UK office workers don’t know whether their company is taking action to comply with the new European General Data Protection Regulation (GDPR). The study found widespread confusion that could cost UK businesses millions of pounds in non-compliance fines when the regulation comes into effect on 25 May 2018.
Fellowes, which commissioned the survey of 1000 office workers, found that one in 14 (7%) of employees believed their company was not aware of the new regulations, which aim to give citizens control over their personal data.
Almost half (44%) of respondents admitted they had seen printed confidential documents at work, whilst a third (32%) had accidently seen private emails and documents on their colleague’s screen in the office.
A massive 20% of UK office workers also admitted to never shredding work documents, leaving them vulnerable to prying eyes.
GDPR criteria states that any company which processes or stores personal information relating to European citizens must comply with the stringent new laws relating to data privacy and storage. This includes any personal data kept on file, whether physical or digital.
It is not just inside the office where people need to consider compliance, as 30% of people admitted to having viewed someone else’s laptop during their commute. Businesses must ensure that even when working on the go, their employees are preventing others from obtaining information on their customers and contacts.
The new regulations will protect consumers against companies that hold inaccurate and unneeded data about them, as well as ensuring greater emphasis is put on prominent and unambiguous customer consent with the ability to withdraw at any time.
Darryl Brunt, UK Sales and Marketing Director at Fellowes commented: “Despite the impending GDPR deadline, our research shows that many companies don’t appear to have systems and policies in place to protect sensitive information. If this data is then stored illegally – or falls into the wrong hands – the damage caused to the organisation could be irreparable.
It’s essential for businesses to have robust systems in place to protect personal and confidential documents – including the secure shredding of obsolete sensitive paperwork. British businesses that don’t comply with the new GDPR from May next year could face huge fines of up to £18m or more.”
What you need to know about confidential information:
If you don’t need personal data, or are holding more information than you need to about individuals, securely destroy any printed documents by shredding.
Ensure your business has a robust policy to deal with unneeded records, such as a compulsory requirement to delete expired digital documents.
The GDPR will give individuals more rights than the current Data Protection Act (DPA) to access their personal data from a company. Companies must respond within one month to requests. 
Inaccuracy in personal information is one of the subjects covered by the GDPR, so if you know a record is inaccurate, either delete it or securely shred it to minimise the risk of further inaccuracies, mistakes or negative consequences for the person it relates to.

Don’t forget to follow us on Twitter like us on Facebook or connect with us on LinkedIn!

Be the first to comment

Leave a Reply