May 29, 2018
Most companies and their managerial staff will have been getting to grips with updating data protection policies and procedures and cleansing their databases for some time. But if your employees don’t understand their roles, responsibilities and rights when it comes to GDPR, and haven’t been trained, you could be leaving yourself wide open to the possibility of a data breach. After all, data protection is everyone’s responsibility.
Staff must be trained on new data protection procedures to ensure the safety of the personal data you hold on customers, suppliers, partners, contractors, employees etc. For example, ensure they understand the rules for using portable devices like laptops and mobile phones out of the office, in order to keep data secure.
If the worst happens, your employees must know precisely what to do and by when. They should know to whom to report and that there should be no delay in informing this person of the breach. After all, under the Regulation, serious breaches need to be notified to the ICO within 72 hours.
This new regulation has teeth. The fines have increased dramatically, so you need to emphasise to your staff that there are very real consequences of a data breach under the new Regulation. Whilst the maximum fine is now €20m or 4% of global turnover, there are also potentially serious consequences in terms of reputation and consumer trust – arguably as important as the punitive measures.
As an employer, you have access to personal data about your employees.
Tell your staff –
Don’t forget to communicate in plain language. The GDPR can seem complicated, but clear communication will help your employees understand their personal obligations when dealing with customers, their rights as an employee in your organization and their rights as a customer in their own personal capacity.