UK workers are risking GDPR penalties by forwarding work emails to personal accounts

Many UK businesses are risking penalties by failing to adhere to GDPR legislation.

A survey of 1,002 UK workers in full or part-time employment has revealed that an incredible 64% of people admitted to having forwarded a customer email to their personal email account in the four months following the introduction of GDPR.

Given that earlier research from the company found that more than half (55%) of all UK based businesses were breaching GDPR laws by not having an official process or protocol for disposing of obsolete IT equipment, this news is perhaps less surprising.

Worryingly, according to the data, 84% of the workers who admitted to forwarding customer emails to their personal accounts didn’t feel they were doing anything wrong (as there was no malicious intent behind their actions) despite the fact that this notion of innocence would likely be deemed irrelevant if it came to a legal judgement over whether there had been a breach of GDPR laws.

Matt Royle, marketing director at Probrand, who commissioned the research, comments: “What may seem like an innocent and even helpful action of workers trying to catch up on work out of hours is actually a clear breach of GDPR laws. This is because the worker in question will have unwittingly forwarded sensitive personal customer information and/or their own employer’s Intellectual Property to a third party outside of the corporate network.

“Of course, in the vast majority of cases this will have been done with the best intentions, with the employee simply planning to pick up their work at home - but given the amount of publicity around GDPR it is perhaps surprising that more workers (and employers) are not aware of the basics of what is required for GDPR compliance.

Royle went on to add: “...It is clear from these findings that businesses need to do more to educate their employees on the laws surrounding GDPR and data protection.  Seemingly innocent actions could have substantial repercussions. A GDPR breach can result in fines that potentially run into the millions – this financial impact along with the knock on effects this can have for businesses, including reputational damage, the loss of customer loyalty and trust, can be hugely damaging for companies in the long term.”