If you think that GDPR is “only for companies to worry about”, you should think about the plight of (former) admin assistant, Jayana Morgan-Davis. She just got fined £790 for forwarding her work emails to her personal email address (£200 fine plus £590 in costs).
I do not know the specifics, but a likely scenario would be that she was moving to a competitor and took the customer list. That was previously a contractual breach between employer and employee, but now it appears to be a much more serious issue. The ICO are showing their teeth.
It presents a very large issue for us as individuals. Many of us use the same email address for business and home life. More of us use email forwarding to bring all the email addresses into the same place, which really amounts to the same thing.
This means that we are blurring the lines, if those emails contain personal data about third parties. For example, let’s say I book a hotel room with Intercontinental hotels, then I ask for Viagra tablets to be sent to the room (Hey… keep reading). That email gets sent to the concierge’s email address, or her mobile phone, both of which are in her own name. I agreed to give my data to Intercontinental, but not to people outside Intercontinental… there’s every chance the Intercontinental Concierge is a contractor. Even if she isn’t, the second she leaves Intercontinental’s employ, then my personal data is in the hands of a person I can no longer track or trust.
I think this is a godsend for the phone companies and the ISPs, because really everyone should now have two phones (or at least two sims) and two email inboxes.
A phone costs what – £20 a month? The fine was £200… but with the costs this adds up to £790… so about three years of a spare phone for work purposes.
It all sounds a bit absurd, but when you think about it, it really isn’t. We still have a long way to go before we culturally adjust to the new spirit of GDPR, and I think we need to start taking responsibility as individuals, not just as companies, if we are going to make this work.
In the 1960s, Drink Driving was illegal, but nobody took it seriously. Now it is no longer a “police” matter, it is a social one. GDPR will have the same trajectory, but over a much shorter timescale. I just hope it isn’t ME that the ICO picks on next, because I expect even most ICO employees are guilty of SOMETHING GDPR related if they look hard enough.