Think Data Compliance is someone else’s responsibility? Think again!

To truly work at maintaining GDPR compliance within an organisation it is key that it be a cross-company effort. Although it only takes a few changes in behaviour to create a compliant environment, not all workplaces appear to be taking it as seriously as they should and without realising one person’s mistake could easily snowball and have a detrimental effect to the whole company.

Businesses come in all sizes, and every business, regardless of its size, must be compliant; whether that’s a 2–3-person team, a small company of 15 employees or a large organisation, every employee must ensure they are following the rules in place. However, it is important to note that any company with over 250 or more employees should legally appoint a dedicated Data Protection Officer (DPO).

One common mistake that many companies make is seeing GDPR legislation as just a digital requirement, investing heavily in digital security whilst forgetting to review the whole workspace environment. 

GDPR is not just an IT issue

GDPR impacts every department, from HR, legal, marketing, procurement, training, to security. Some items which come under legislation include:

• Email addresses
• Payroll Information
• HR and personnel Files
• Company Letterheads
• Pricing details
• Strategies & Plans

GDPR and Human Resources

All teams have a part to play in staying compliant, including the Human Resources department. Not only should the Human Resources team be responsible for making sure employees are aware of how to manage their own GDPR compliancy, teams should also be thorough when processing personal and sensitive data for all new and existing employees, and potential candidates. This could include asking new joiners for consent for DBS checks/ DVLA checks and authorisation to process data for payroll. Think; what data are you collecting, now does this data move through your business, how is it stored, and when and how is it destroyed?

GDPR in Sales & Marketing

These teams will be one of the most important teams for managing GDPR deliverability within the organisation. The collection, retention and processing rules are much tighter in this area of work and the current GDPR legislation lists an extensive document containing 99 articles detailing these key areas – so it’s a hot topic not to be overlooked! It is also key to remember that all Electronic marketing needs to also comply with the UK’s Privacy and Electronic Communications Regulations (PECR) so it’s important to refresh knowledge regularly.

There are 3 key areas that these teams need to consider- data permission, data access and data focus. By concentrating on these areas of compliancy a team will inadvertently start creating campaigns with a higher degree of GDPR focus. They will build meaningful customer relationships with more personalised data and improve the overall relationship with their audience.

Warehouse

No longer should the security of data be delegated to an IT team; all employees must keep compliance at the forefront of their mind and guide everything they do, even in the warehouse. It is wrong to assume that the warehouse environment is the least likely place for a potential data breach. Information can be imparted from simple delivery notes or order forms. The most effective solution in the warehouse is a heavy-duty paper shredder that can destroy a high volume of obsolete paperwork with ease.

Call centre

Whether your call centre operation specialises in sales, customer service, market research, telemarketing, or a combination of functions, your building will be a buzz of activity.  With so many people working in close proximity to one another in such a fast-moving environment, it is easy to forget about the data on the screen, the paperwork on the desk, the confidential transaction, and the mobile phones.

With so much personal data involved,
GDPR compliance should always be a high priority.

What can you do to remain GDPR compliant?

With expert solutions tailored for every team’s needs you can make every aspect of your working day secure, protected, and risk-free. Below are some common mistakes that can be avoided with simple modifications to your equipment and processes.

It is crucial to secure your private documents away after use to align with GDPR regulations. If these documents hold personal and sensitive information make sure you can keep them safe, dispose of them correctly and keep them for no longer than necessary.

When devices are stolen or lost the information on these devices is also compromised. Locking your items can help protect against a data loss or breach which will put any organisation at risk. For many the cost of replacing these devices is a concern but the potential privacy damage is significantly more alarming.

Organising your luggage when travelling can deter any potential threats. Hybrid workers or those who travel for work should allocate time to pack devices and files away correctly in a secure bag or suitcase ready for their journey.

Are you taking it seriously?

A study of over 1,000 UK office workers* found that almost 90% were more likely to be given a ticking off for failing to empty or load the office dishwasher than for slacking on data regulations. Another half of office workers said they had seen personal data they shouldn’t in the office, and over a third admitted to leaving confidential files lying around.

Setting some time aside to create a GDPR strategy that fits every area of your business is a vital first step. Remember, GDPR is not the role of a single employee – it is key to engage your entire workforce in order to maintain effective practices.

For more information, support and advice, or to find your perfect data protection solution click here.

If you enjoyed reading about our tips on how to stay GDPR compliant on the move, be sure to follow us on our social media by clicking below to be the first to hear about our latest news and blog posts.

*Fellowes Brands Research, May 2019