One big change under GDPR is that workers are responsible and accountable for their actions. Failure to follow GDPR rules can result in a fine for the person involved and in some cases a criminal record! The ICO recently fined a former customer service advisor who has been prosecuted for accessing records relating to anti-social behaviour without authorisation.
An internal investigation found that they had inappropriately accessed cases without any business reason to do so. The records related to victims, witnesses and perpetrators of anti-social behaviour. The worker had to appear before the Magistrates’ Court and decided to plead guilty to the offence of unlawfully obtaining personal data, in breach of s55 of the Data Protection Act 1998. They were fined £300, ordered to pay £364.08 costs and a victim surcharge of £30.
If you are the boss, you need to make sure your staff understand that they are personally liable but you also need to make sure you can demonstrate that you have taken every precaution to protect data and ensure your staff understand the rules or you might find yourself in the dock too!
Call us anytime if you have questions or think you have experienced a GDPR breach.
Good luck all.