The General Data Protection Regulation has been described as the most significant overhaul in data protection in a generation.
Statistics suggest that the majority of organisations are still not prepared despite the prospect of irreparable reputational damage and being fined €20m or four per cent of worldwide annual turnover if they do not comply.
Christian Mancier is a corporate and commercial partner, as well as the data protection officer, at Stockport-based Gorvins Solicitors. He says the key for any organisation is staff training.
By training employees and “hammering home the basics” – from locking computer screens when away from your desk, encrypting data when taking it out of the office on a portable storage device or creating unique passwords to log onto systems – Mancier says a business can significantly reduce the risk of those human error breaches.
“Employees are often an organisation’s most valuable asset, however, they also constitute one of its biggest risks as a significant proportion of all data breaches are caused by simple human error, whether intentional or innocent,” he says.
“Any organisation can have the best written policies in the world, however, unless staff understand the implications of GDPR on the business (both financial and reputational) and how that impacts on them in their day-to-day roles, organisations will always run the risk of falling foul of GDPR by simple human error.”
Kathy Fleming, compliance manager at The Lead Agency, in Liverpool, says: “If an organisation is unlucky enough to have a data breach, one of the first things that the regulator will want to know is if staff are trained.”
Cloud hosting firm UKFast is providing free GDPR pocket guides containing valuable resources and guides from industry experts to help support businesses. Request your free copy here.