New figures released today reveal that 43 per cent of UK office workers say there is still data in their organisation that isn’t secure.
The poll also finds that six out of ten office workers claim they haven’t been given training on how to deal with the new GDPR regulations, which will worry employers given the new regulation comes into play tomorrow.
Part of the new GDPR criteria states that any company which processes or stores personal information relating to European citizens must comply with the stringent new laws relating to data privacy and storage. This includes any personal data kept on file, whether physical or digital.
The poll of 1,250 workers, made up of people from across various industries, identified key problem areas in offices across the UK where sensitive information is at risk including: 44 per cent who admit to throwing paper documents straight into the bin and 37 per cent admitting they had accidentally seen private emails and documents on their colleague’s screen in the office.
No room for risks
Sammy Bartley, qualified GDPR practitioner for the office product industry says, ‘One thing is very clear, no organisation can afford to take risks with the personal data they hold and a robust data protection policy is crucial. Although this sounds daunting these regulations will protect consumers against companies that hold inaccurate and unneeded data about them, as well as ensuring greater emphasis is put on prominent and unambiguous customer consent with the ability to withdraw at any time.
‘It is important to start the preparation for GDPR as soon as possible – the new regulations means you need an effective, documented and auditable process in place for the destruction of confidential information, including the secure shredding of obsolete sensitive paperwork.’
Fellowes has put together last-minute tips to ensure data is secure ahead of tomorrow’s GDPR deadline:
- Conduct a data flow exercise to understand what data you currently hold, where has it come from, where is it stored, why have you got it, who has access to it and is it shared to any other party.
- If you don’t need personal data or are holding more information than you need to about individuals, securely destroy any printed documents by shredding.
- Ensure your business has a robust policy to deal with unneeded records, such as a compulsory requirement to delete expired digital documents.
- The GDPR will give individuals more rights than the current Data Protection Act (DPA) to access their personal data from a company. Companies must respond within one month to requests.
- Inaccuracy in personal information is one of the subjects covered by the GDPR, so if you know a record is inaccurate, either delete it or securely shred it to minimise the risk of further inaccuracies, mistakes or negative consequences for the person it relates to.
Find out more information visit Fellowes’ dedicated GDPR page here.