General Data Protection Regulation (GDPR): 25% of employees storing data in public without permission

Even HR is breaking the rules, using public cloud services without the organisation's permission

Businesses are putting themselves in the firing line for big fines if they don't comply with GDPR guidelines, Sharp has revealed, with almost a quarter of employees storing confidential information on the public cloud, even if their organisation hasn't sanctioned it.

In fact, one in 12 employees are able to access information they shouldn't be able to view, putting both customers and the company at risk of data leaks. The problem has been amplified because such a large proportion of the workforce is now able to work remotely, Sharp said in its report.

"It is up to businesses to find the right balance between modern ways of working and secure data sharing. When you also consider that 75% of employees access work documents on the go, businesses need to do more to keep up with their workers," Stuart Sykes, managing director at Sharp Business Systems, said.

The company added that almost a quarter of employees are using public file sharing sites without the permission of the business and a third are taking work home to finish, without getting approval from their managers to take data off-premises.

Even HR are breaking the rules, Sharp said, despite them being the department usually setting boundaries. 30% of HR managers said they had stored information in the public cloud, despite knowing the risks.

Security and privacy expert Dr Karen Renaud said that the results showed a need for businesses to provide better support for employees: "As long as businesses continue to require or implicitly overlook insecure behaviours, security will always be sacrificed."

05/07/2017: Councils are 'seriously unprepared' for GDPR

The General Data Protection Regulation (GDPR) will give people more control over their personal information when it is passed into law in 2018, superseding the UK's outdated Data Protection Act, which was drafted in the 1990s.

The regulation requires no special legislation to come into force in the UK, making the two-year countdown a hard deadline for companies to get into shape for.

GDPR changes the concept of personal data, expanding its definition to include people's IP addresses and online identifiers, as well as forcing companies to gain people's explicit consent to use their data.

It aims to make it easier for citizens to find out what data companies hold on them, and giving them more details about how their data is handled and what it is used for.

People will also have a right to port all their data from one company to another, and to know when their data has been hacked, as well as the right to be forgotten, which will require companies to delete people's personal data when asked to.

These new rules represent dramatic changes to the way businesses are required to handle data, and the consequences for failing to look after such information properly can be drastic.

Any company that suffers a data breach will face a fine of up to 20 million or four per cent of their annual global turnover, compared to a maximum existing penalty of 500,000.


The vast majority of councils in the UK have not yet allocated budget towards meeting the various requirements of the General Data Protection Regulation (GDPR).

With the regulations coming into force in May 2018, 82% have not earmarked money to deal with implementing the EU data protection rules, which come into force on 25 May 2018. The information came to light following a freedom of information (FoI) request by M-Files Corporation.

The company sent FoI requests to all 32 London boroughs and 44 other local authorities throughout the country, asking councils about their GDPR preparedness.

It found that 76% of London councils have not yet allocated budget towards making provisions to ensure compliance with GDPR, with the same figure for the rest of the country standing at 89% (averaging 82%). Additionally, 56% of the local authorities contacted have still not appointed a data protection officer, despite this being stipulated as a requirement by GDPR for public bodies.

Julian Cook, vice president of UK Business at M-Files, said that the finding point to a "serious lack of awareness" of the importance of GDPR and the challenges it will pose for local government.

"At this stage, we would have expected local authorities to be further along in their preparation efforts, but the data demonstrate that this is far from the case," he said. "Inadequate preparation for GDPR will have serious financial implications if these boroughs ultimately do not comply with the new rules."

He added that local authorities face a constant struggle to manage a series of diverse responsibilities, often having to work with limited budget and resources.

"Effective data management is often one of the most labour-intensive of these challenges, with local authorities tasked with administering and protecting ever-increasing amounts of sensitive data, such as personally identifiable information (PII)," added Cook.

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download


EU reveals plans to protect whistleblowers from punishment in new legislation
Policy & legislation

EU reveals plans to protect whistleblowers from punishment in new legislation

24 Nov 2021
GDPR 2.0: What do Europe’s new AI rules mean for businesses?
IT regulation

GDPR 2.0: What do Europe’s new AI rules mean for businesses?

28 Jun 2021
The IT Pro Podcast: Navigating Brexit data transfers
data protection

The IT Pro Podcast: Navigating Brexit data transfers

5 Feb 2021

Most Popular

What should you really be asking about your remote access software?

What should you really be asking about your remote access software?

17 Nov 2021
How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021