Data protection breach by an employee

09 July 2019

A breach in your private data can have extremely serious consequences, so it’s very important you maintain a strict company policy for all of your data. But what will happen if there’s a breach of the Data Protection Act by employees? There are, potentially, major legal ramifications, so this guide will take you through the right procedures to follow.

Data protection principles

The General Data Protection Regulation (GDPR) arrived in May 2018. It has overhauled how you must process and handle personal data, so you and your employees now have various new responsibilities to consider. The Data Protection Act also helps to maintain the basic principles of GDPR.

You can read more about GDPR on Acas’s feature guide. GDPR brought about sweeping regulation changes for businesses not just in Europe, but across the whole world. As part of GDPR law, there are six important data protection principles you have to adhere to. These are:

  • Lawfulness, fairness, and transparency.
  • Purpose limitations.
  • Data minimisation.
  • Accuracy.
  • Storage limitations.
  • Integrity and confidentiality.

With those points in mind, you should also remember accountability and compliance with GDPR laws. As an organisation, it’s your duty to have a lawful basis for keeping personal data. You can read the ICO’s (Information Commissioner’s Office) guidelines on this for further help: 12 step checklist.

What’s personal data?

For clarity, what exactly is a user’s personal information? Well, it’s details that make an individual identifiable. This data is:

  • Electronically processed.
  • Maintained in a paper filing network (although this will not cover all filing systems).
  • Held in an accessible record (i.e. education).

You should also remember that the data doesn’t necessarily have to name a person outright. If it helps to identify them, then it’s personal data. As above, the ICO has a free online tool that helps you understand what data is and isn’t legal: Lawful basis interactive guidance tool.

How to avoid a data protection breach at work

In the event of a breach of the Data Protection Act by employees, you’ll need to follow a set procedure to handle the outcome. It is your duty as a business to ensure all of your data is secure, so that you prevent the opportunity for loss or theft. You can keep your data secure by taking these steps:

  • Use modern security software and keep it up to date.
  • Carry out risk assessments to discover any vulnerable parts of your business.
  • Encrypt personal data across computers and devices.
  • Use remote services on the internet for back-ups.
  • Train staff so they’re aware of potential dangers.
  • Hold regular third-party security evaluations for an objective overview.
  • Check that any business partners also maintain high standards of security.

How to approach a data breach

As personal data is now viewed as highly valuable, if you’re collecting information it’s your responsibility to manage the gathering of such data carefully. An example of this includes asking a data subject if they’re okay with you using their data. You’ll see this yourself when you arrive on certain websites, which will ask you if you’re happy to accept HTTP cookies (data sent from a website and stored on the user’s computer).

But this means you must take a data protection breach by an employee seriously. If a breach does take place, you may need to notify individuals (e.g. customers) about the issue. This can, unfortunately, result in a negative impact on your public image. GDPR also indicates you may face a fine of over €10 million – or 4% of your annual income – in the event of a breach. As such, it’s essential you maintain high standards of data security at all times.

Want further data protection?

Get in touch for further guidance on how to avoid breaching data protection at work. Call us today: 0800 028 2420.
