One in five workers still haven’t been given a company GDPR policy by HR

2018 has been the year of GDPR – the four letters that have pestered businesses around the country for the best part of six months now. Yet, most of us still haven’t been taught what we can and can’t do in regards to the new GDPR rules.

A new study has found that almost one in five (17 per cent) of UK workers haven’t been given a concrete GDPR policy by their company.

According to the poll of over 1,000 UK workers released by Fellowes, one in ten didn’t know who was responsible for GDPR at work, while one in five (18 per cent) thought it was their manager’s responsibility. Another 10 per cent believe it is up to office managers to monitor confidential data regulations and six per cent thought it was up to their board of directors to ensure they were compliant with GDPR.

Despite the looming threat of hefty fines, as highlighted by Facebook’s recent GDPR breach that could cost the business up to $1.63bn (around £12.5bn), it appears employees are still taking huge risks with confidential data. According to data gathered from over 1,000 office workers in the UK, over half (54 per cent) had seen personal or confidential data they shouldn’t have. What will further worry HR professionals is that over one third admitted they have left confidential paperwork unattended at work.

And it wasn’t just physical files that were proving a GDPR risk to businesses, as under two-thirds (61 per cent) admitted receiving an email not destined for them at work since the GDPR deadline in May, while almost half (45 per cent) had sent a classified email to the wrong person by mistake.

The data also reveals that many are more likely to be challenged about missing deadlines and being late (17 per cent) than ensuring they are compliant with GDPR.

Darryl Brunt, country head of UK and Ireland at Fellowes, said: “One in ten workers don’t know who is responsible for GDPR within their business, and the truth is, protecting confidential data is everyone’s responsibility. It’s also troubling to see that almost one in five workers haven’t been given a concrete policy for handling GDPR. This has to change, or businesses will pay the price.”