The GDPR affects the use of email too

Data breaches caused by the misuse of email are becoming common, with a lack of appropriate staff training consistently to blame.

The ICO (Information Commissioner’s Office) recently issued a fine of £200,000 to the Independent Inquiry into Child Sexual Abuse for incorrectly sending a bulk email to 90 recipients rather than Bcc’ing (blind carbon copy) them in. A key reason for the fine was the lack of knowledge and training of staff relating to sending bulk emails.

Under the EU GDPR (General Data Protection Regulation), data breaches can incur significant fines (€20 million or 4% of annual global turnover – whichever is greater) and result in reputational damage.

Incidents in which data is sent to an incorrect recipient or where recipients are added to the incorrect field are preventable. Employee errors such as these pose a significant threat to data security within organisations, and this recent example shows that incidents do not just occur with malicious intent; they can also happen accidentally.

Often, not enough emphasis is put on employees’ data protection responsibilities or on implementing measures to prevent these costly mistakes. All staff need to be aware of the consequences that careless actions carry.

When investigating data breaches, regulators will consider whether the organisation maintains appropriate data protection and cyber security policies, procedures and training. Can you produce records demonstrating that your employees have received the necessary training?

Don’t let your staff be your downfall.

Take action

To combat and prevent these mistakes and careless actions, we have developed the Misuse of Cc and Bcc when emailing – Human patch e-learning course.

It aims to ensure that your staff are aware of the risks and consequences that come with misusing email and know how to handle and communicate personal data by email securely and legally.

This short course is a convenient and cost-effective way to reduce your organisation’s risk of suffering a data breach and can be taken around your employees’ existing workload.
