Guest comment: Why pension companies should prioritise GDPR training

The changes to our working world due to the Covid-19 pandemic have brought positives and negatives. While it has undoubtedly been a scary and stressful time, many of us have found that we enjoy working from home, being able to achieve a better work/life balance and spend more time with our loved ones.

That said, remote working also presents challenges, both for employees and their employers. One area of particular concern is data protection, with the rapid switch to homeworking risking creating the perfect environment for data breaches.

A data breach survey, commissioned by experts Hayes Connor solicitors at the end of 2020, demonstrates the extent of the problem. They asked UK office workers a number of questions regarding how their companies conducted themselves both before and after the first lockdown.

It revealed some shocking statistics, including: two in three employees who printed documents at home disposed of them in their household bins; one in five have received no GDPR training for handling company data or cyber security since working in their company; and one in five UK employees received no data protection guidelines while working from home during lockdown.

Clearly, despite remote working, company owners are still not doing enough to avoid data breaches. Thus, they are leaving their customers open to having their data stolen, and their lives turned upside down.

There’s no doubt that technological advancements are moving far faster than we can handle. Alongside these advancements, hackers and scammers are exploiting companies’ inability to keep up with these changes. This leaves many companies open to data breaches through theft of sensitive data.

That said, complicated cyber technology and encryption aren’t always to blame for data leaks. The truth is, human error is the cause of 95 per cent of data breaches, and the evidence shows that this problem is growing as a result of remote working during the COVID-19 pandemic.

Human error data breaches can occur in a number of ways. Some examples include: home workers’ laptops being left unlocked for household members to see; documents being left where they shouldn’t be, for example client houses or offices, or public transport; careless email practice; and home workers throwing sensitive documents in their home bins for anyone to see.

These may seem like very innocuous examples, but the reality is that mishaps like these can have drastic consequences.

Now that we know the main cause of data breaches, the real question is why should pension companies invest time and money into avoiding them? The truth is, it is likely to cost your company even more time and money in the long run through Information Commissioner’s Office (ICO) fines, extensive lawsuit costs, destruction of brand image and reduction in customer loyalty.

The statistics and information above clearly show that some of the most basic steps are being ignored by company owners, which is putting them at major risk of a data breach. The truth is, these breaches are completely and utterly avoidable with the correct training and processes in place.

Some training ideas include: training employees on the consequences of a data breach so they understand the gravity of it all; emphasising the importance of protecting client data from the get-go; how to handle data, both inside and outside the office and home; and proper email sending procedure, which should include checking and double-checking email contents, recipients and attachments before sending.

Further training on how and why to set up secure passwords; recognising malicious scam attempts via email, text, invoices, and in person; not using work devices for personal use; how and when to use the anti-malware systems, secure networks, and other complicated cyber software and encryptions; where to save documents; training on the importance of updating any apps and devices when prompted; and what to do if cyber security measures fail can also help.

As you can see, there are a huge number of ways that pension companies can avoid a data breach caused by human error. The question is, are you willing to invest the time and money into the business now to avoid the consequences later?
