With the new General Data Protection Regulation (GDPR) coming into effect in May 2018, private information that isn’t destroyed correctly, or stored securely, could lead to UK businesses being fined a substantial £20 million per breach.
With such huge financial penalties in play, it is vital that sensitive information audits are conducted by businesses who handle personal data.
A recent survey, conducted by office product specialist Fellowes, highlighted that employees are not taking data protection seriously despite the financial risks to their employers.
According to the study, 20 per cent of UK office workers never shred documents, with 40 per cent of employees admitting they often throw client data straight into the bin.
A further 27 per cent of people admitted to having left confidential papers in fax machines, photocopiers and scanners. Whilst one in ten (11 per cent) confessed to leaving confidential papers from meeting rooms or desktops.
Darryl Brunt, UK Sales and Marketing Director at Fellowes comments:
“Despite the impending GDPR deadline, our research shows that many companies don’t appear to have systems and policies in place to protect sensitive information.”
“It’s essential for businesses to have robust procedures in place to protect personal and confidential documents – including the secure shredding of obsolete sensitive paperwork.”
The statistics, which will concern employers across the UK, pose significant risks to client data breaches in an environment with a growing threat from fraud, misappropriation of confidential data and security leaks.
In the past year alone, there have been a number of cases were sensitive information has been found in public areas. For example, in October this year confidential child protection documents were found ‘blowing around’ a street in Leicester. There was also a case when private police documents were found in a park in Bath.
With new GDPR legislation looming, a sensitive information audit could prevent serious data breaches like these.
An audit should look at the best ways to manage records, protect sensitive information and destroy confidential documents. It also needs to assess the efficiency of your existing data protection protocols and identify any cost savings that can be made.