Came across this news report and it struck a chord with me.
GDPR: Small business owners still ‘clueless’ about data protection rules, study claims
Small business owners polled for a new survey have admitted they are still “clueless” about GDPR – leaving the personal data of millions of employees and customers at risk.
Half of the 1,000 questioned were confused by the rules when it came to data protection and privacy regulations.
As a result, owners and employees alike have made mistakes or have procedures in place which could have resulted in a multi-million pound fine for the business.
More than a quarter of those polled allowed staff to use their own computers, tablets and phones for work purposes, which contravenes the rules, as personal data could be stored unencrypted at home.
And one in 10 revealed they have visitor books in their HQ – where visitors can freely see details of others who have been there previously.
“As the results show, many businesses could be in breach of GDPR – most likely without even realising it,” said Chris Mallett, a cybersecurity specialist at Aon, which commissioned the research.
“Visitors books, allowing staff to use their own mobiles for work purposes and even seemingly minor things like distributing sponsorship forms around the office carry risk.
“Yet these sorts of things are commonplace among businesses big and small across the UK.”
GDPR Covers More Than You Think
The research also found a quarter had used training materials which featured the full details of real-life case studies.
Sixteen per cent had used promotional images which included members of staff wearing their nametags – making them publicly identifiable.