A majority of employees don’t know what their workplace is doing ahead of the General Data Protection Regulation (GDPR), a survey of non-legal and technical staff suggests. The survey was by OnePoll for Egress, a secure data transfer product company.
Tony Pepper, CEO of Egress, said: “Over the past two years, GDPR has been effective in pushing data protection up the boardroom agenda, and technology and compliance teams have been working overtime to make sure their organisations are ready. However, data security doesn’t stop at their office doors.
“This survey shows over 50 percent of staff do not have a clear understanding of what their company is doing to prepare for GDPR, despite three-quarters of staff handling personal information on a daily basis. Combined with the ICO’s findings last week that human error accounted for the top five most common security incidents last quarter, this suggests a worrying disconnect between what organisations have agreed at a corporate level versus the communication and education of employees who will need to act out these changes. With GDPR only days away, organisations have a huge amount of work left to do if they are to ensure their staff don’t unwittingly put their businesses at risk.”
Employees are still sharing personal data over personal apps, the survey suggested. There is some technical compliance, as 42 percent of employees are provided with a way to safely share information at work, such as email encryption, encrypted file transfer or secure project collaboration tools. Despite this, one in five (20 percent) of people admitted to using personal apps or web services to share company documents. Personal email came first, with 12 percent of respondents choosing it as one way to quickly share documents, while other answers included social media (seven percent), messaging apps (seven percent) and personal cloud (three percent).
The marketing department appears to be the worst offender, with 70 percent admitting to having used personal accounts – with social media being the most popular. This is especially concerning as employees in marketing were also most likely to handle personal data (96 percent of marketing respondents).
Tony Pepper said: “Most of the time, employees aren’t trying to put their company at risk. They are just trying to get their job done, and often turn to personal apps and devices simply because they find them more convenient. However, this creates massive risk of non-compliance with GDPR, with organisations unable to track where data is stored and who is accessing it. The solution? Security technology that actually works for users. Only by putting users at the centre of the technology we develop and procure can we ensure they’ll use these tools to protect personal data. What’s more, these technologies can actually help to maintain employee productivity – providing no excuse for using personal apps and devices.”
Only half (49 percent) felt that their company was doing enough to protect personal data in light of recent breaches.
Tony Pepper said: “It’s great to see some companies and specific departments clearly getting it right when it comes to GDPR awareness. However, it’s concerning that this isn’t the case for more than half of the survey’s respondents. Awareness is a huge part of compliance: everyone who handles personal data should be able to identify and protect it. As the ICO’s data also shows, human error continues to account for a very high percentage of data breaches, so organisations need to be doing all they can to provide staff with security safety nets that prevent data breaches. This can only be achieved through a blend of awareness, training and getting the right security technology to support the day-to-day work staff are doing and the personal data they routinely handle.”