It’s no longer a question of if; it’s now a question of when a data breach occurs. You don’t have to monitor the news too closely to see the frequency and scale of these incidents: Uber, Equifax, Saks Fifth Avenue. The list of the worst continues to grow.
Traditionally, the weight of data privacy regulatory compliance is balanced across the Information Security Office, the Data Privacy Office, Compliance, and Legal, but for organizations to be successful and avoid penalties under GDPR, all employees need to understand both the requirements and the potential implications. In the recently published GDPR Report Chapter 3 from Veritas, ‘63% of companies believe all employees must receive mandatory training on GDPR policies.’ Employees are data owners and, in many instances, will be held accountable for non-compliance. The research further indicates ‘some employers are implementing measures that will penalize staff who don’t comply. Nearly half (41 percent) will implement disciplinary procedures for GDPR compliance violations.’
Fundamentally, the GDPR dictates better data hygiene. For organizations and individual employees alike, improved data hygiene is a win-win. Greater insight equals greater value. Although organizations are setting the framework (technologies, processes, and best practices), non-automated data minimization and the purpose of data usage are, in many cases, ultimately determined and executed by individual data owners. Education is critical in ensuring individual behaviors align with company policies and procedures.
The GDPR, and the ripple effect it has had on the global regulatory landscape, have made education more important than ever. Potential fallout from GDPR non-compliance includes large financial penalties that trickle into brand devaluation and workforce reduction, which ultimately resonate with individual employees because of the potential personal impact.
On the flip side, educating individuals about the rights they have to their own personal data helps mitigate the personal impact when data breaches occur. By design, the GDPR protects the rights of EU resident individuals to their data, and globally this is being emulated in regulatory reform to protect individuals in other countries. When data breaches do occur, affected individuals should be aware of how they are impacted, how they can protect themselves, and what the breach potentially means to them directly.