Fellowes has revealed that almost half (46.8%) of UK office workers don’t know whether their company is taking action to comply with the new European General Data Protection Regulation (GDPR). This widespread confusion could cost UK businesses millions of pounds in non-compliance fines when the regulation comes into effect on 25th May 2018.
Fellowes commissioned research ahead of its three-month data protection campaign to help drive sales of its shredders and PrivaScreen blackout privacy filters. The campaign aims to gain better insight into how British companies and their workers are preparing for the changes in data protection law. This year’s theme, ‘Keep It Confidential’, focuses on protecting sensitive information in accordance with the GDPR, which comes into effect next year.
The survey of 1000 office workers found that one in 14 (7%) employees believed their company was not aware of the new regulations, which aim to give citizens control over their personal data. Almost half (44%) of respondents admitted they had seen printed confidential documents at work, whilst a third (32%) had accidentally seen private emails and documents on a colleague’s screen in the office. Over 3.2 million UK office workers (20%) also admitted to never shredding work documents, leaving them vulnerable to prying eyes.
Darryl Brunt, UK Sales and Marketing Director at Fellowes, said, “Despite the impending GDPR deadline, our research shows that many companies don’t appear to have systems and policies in place to protect sensitive information. If this data is then stored illegally – or falls into the wrong hands – the damage caused to the organisation could be irreparable.
“It’s essential for businesses to have robust systems in place to protect personal and confidential documents – including the secure shredding of obsolete sensitive paperwork. British businesses that don’t comply with the new GDPR from May next year could face huge fines of up to £18m or more.”
GDPR criteria state that any company which processes or stores personal information relating to European citizens must comply with the stringent new laws relating to data privacy and storage. This includes any personal data kept on file, whether physical or digital.
It is not just inside the office where people need to consider compliance, as 30 per cent of people admitted to having viewed someone else’s laptop during their commute. Businesses must ensure that even when working on the go, their employees are preventing others from obtaining information on their customers and contacts.
The new regulations will protect consumers against companies that hold inaccurate and unneeded data about them, as well as ensuring greater emphasis is put on prominent and unambiguous customer consent with the ability to withdraw at any time.
What you need to know about confidential information:
- If you don’t need personal data, or are holding more information than you need to about individuals, securely destroy any printed documents by shredding.
- Ensure your business has a robust policy to deal with unneeded records, such as a compulsory requirement to delete expired digital documents.
- The GDPR will give individuals more rights than the current Data Protection Act (DPA) to access their personal data from a company. Companies must respond within one month to requests.
- Inaccuracy in personal information is one of the subjects covered by the GDPR, so if you know a record is inaccurate, either delete it or securely shred it to minimise the risk of further inaccuracies, mistakes or negative consequences for the person it relates to.