GDPR: are you unknowingly breaching the law?

What does GDPR mean to you? Perhaps you thought your role in it all ended when you received your last ‘we don’t want to see you go, please stay on our mailing list’ request last summer. Well, you could be unknowingly (and regularly!) breaching this legislation in and out of work…

How employees risk breaching GDPR legislation…

What’s the issue here?

GDPR requires personal data to be secure at all times. Personal data refers to all ‘information about a particular living individual’. It doesn’t even need to appear especially private in nature; if someone accessing the data could identify its subject, then you are most definitely dealing with personal data.

For this reason, it’s suggested that pseudonyms, encryption and other such measures are used to secure all personal data.

Transferring data to phones and laptops, which can easily be lost or stolen, and email accounts and apps, which could be hacked or accessed by third parties, increases your risk of a data breach.

It’s not just employees overlooking GDPR. The Independent reports that many small businesses remain ‘clueless’ about the legislation.

Could you be dismissed for breaching GDPR?

Serious breaches could indeed lead to dismissal; your employer’s disciplinary procedures may state this.

GDPR requires more serious breaches to be reported to the Information Commissioner’s Office (‘ICO’). The ICO has a helpline which will guide you through the necessary measures to ensure the data breach is contained.

This isn’t to say that every breach must be reported to the ICO. Rather, it’s those that are higher risk.

What to do next…

  • Stop using personal accounts and tools to deal with work communications and/or data! If your employer is actually asking you to use these, direct them to the above links to ensure they are aware of the data breach risks.
  • Consult your employer’s GDPR guidelines and training materials.
  • Speak to your HR team or a manager if you have any additional concerns.
  • Visit the ACAS and ICO websites for legal information regarding GDPR.
  • Employers would be wise to provide adequate training to all team members, both to ensure you’re being responsible and to support your ‘learning culture’.