GDPR three years on: What do businesses really know?
Since 2018, all companies in the UK that store or process personal information about UK and EU citizens must comply with the United Kingdom General Data Protection Regulation (GDPR) which requires them to have an effective, documented, auditable process in place for the collection, storage and destruction of personal information.
Three years on from the introduction of the regulations, a new study(1) conducted by confidential shredding and records management company Go Shred reveals how much businesses and their employees really know and the impact home working has had on their ability to adhere.
Looking first at the impact of home working on businesses ability to stick to GDPR rules, the study revealed that since the beginning of the pandemic, a staggering 66% of home workers had printed work-related documents at home, averaging at five documents every week.
Shockingly, 30% admitted to printing contracts, and commercial documents at home. One in five (20%) has printed confidential employee information such as payroll, addresses and medical information outside the workplace, potentially breaching GDPR.
Go Shred also asked Brits about their knowledge of GDPR. Interestingly, 12% of those polled admit they have absolutely no knowledge of the rules, with 9% saying their employer has not reinforced rules around GDPR and sensitive information while working from home.
Two-fifths (41%) of homeworkers polled said they are aware of GDPR rules and regulations around printing confidential documents related to work outside the workplace, but they have no choice other than to print at home at the minute.
Over a third (36%) told Go Shred they are aware of the GDPR rules, so never print at home, and a further 19% admit they have some knowledge of the regulations but would like to know more.
Mike Cluskey, managing director at Go Shred said: “Three years on from the introduction of GDPR in the UK, and we can see there are still knowledge gaps amongst businesses and their staff. On top of this, the way businesses have been forced to work over the past 12 months has drastically changed and brought new risks to light.
“Working from home demands a different security standard than being in the office, especially when it comes to data security and disposing of confidential information. Although remote working has become the norm for many people, it is still daunting for both employers and home workers to think about GDPR compliance which requires businesses to keep all personal data private and secure.
“Companies of all shapes and sizes need to ensure GDPR compliance, whether you’re a startup or a well-established organisation, sticking within the existing guidelines is essential to avoid fines and reduce the risk of data breaches. We urge business leaders to look at their existing practices online and offline and consider whether they are still working for their remote staff. Homeworkers should also take extra precautions to make sure they are doing everything they can to protect confidential data and information.”
To find out more about the study, please visit: https://www.goshred.co.uk/go-shred-blog.html