Nearly half of UK workers still believe data isn’t secure in their business ahead of GDPR deadline this week. A third (31%) said their business wasn’t taking action to ensure compliance
A new study released today has found that 43% of UK office workers believe there is still data in their organisation that isn’t secure, with 6 out of 10 (59%) office workers admitting they haven’t been given training on how to deal with the new GDPR regulations just days before they come into effect.
Office product specialist Fellowes conducted the survey to understand if businesses and employees were prepared for the looming GDPR deadline, and found there is still a huge lack of understanding on how to keep company data secure.
The poll of 1,250 workers from across various industries identified key problem areas in offices across the UK where sensitive information is at risk including:
- 44% admitted to throwing paper documents straight into the bin
- 37% admitting they had accidently seen private emails and documents on their colleague’s screen in the office
Part of the new criteria states that any company which processes or stores personal information relating to European citizens must comply with the stringent new laws relating to data privacy and storage. This includes any personal data kept on file, whether physical or digital.
Fellowes, which is celebrating 100 years in the office product industry, helps to protect companies with innovative office solutions including paper shredders, the first line of defence for data protection and PrivaScreen™ blackout privacy filters which prevent prying eyes from reading your screen. Bankers Boxes from Fellowes also ensure any documents that must be stored can be easily located if required.
Sammy Bartley, qualified GDPR Practitioner for the office product industry, commented:
“One thing is very clear, no organisation can afford to take risks with the personal data they hold and a robust data protection policy is crucial. Although this sounds daunting these regulations will protect consumers against companies that hold inaccurate and unneeded data about them, as well as ensuring greater emphasis is put on prominent and unambiguous customer consent with the ability to withdraw at any time.”
“It is important to start the preparation for GDPR as soon as possible – the new regulations means you need an effective, documented and auditable process in place for the destruction of confidential information, including the secure shredding of obsolete sensitive paperwork.”
Key tips to ensuring data is secure in an organisation include:
- Conduct a data flow exercise to understand what data you currently hold, where has it come from, where is it stored, why have you got it, who has access to it and is it shared to any other party.
- If you don’t need personal data, or are holding more information than you need to about individuals, securely destroy any printed documents by shredding.
- Ensure your business has a robust policy to deal with unneeded records, such as a compulsory requirement to delete expired digital documents.
- The GDPR will give individuals more rights than the current Data Protection Act (DPA) to access their personal data from a company. Companies must respond within one month to requests.
- Inaccuracy in personal information is one of the subjects covered by the GDPR, so if you know a record is inaccurate, either delete it or securely shred it to minimise the risk of further inaccuracies, mistakes or negative consequences for the person it relates to.
Find out more at Fellowes dedicated GDPR page here.