GDPR data laws: Punishing workers for human mistakes

  (Click to enlarge: opens in new window)

Willie Clarke

It is nearly three months since the EU’s General Data Protection Regulations (GDPR) came into force and my fear that many workers will be disciplined and sacked for making ordinary mistakes with no malice is beginning to be borne out.

I have made a couple of mistakes – emailing an internal document with no confidential information to a customer, sending something else to the wrong customer which bounced back because I had typed the email address incorrectly and leaving a voicemail on the wrong phone number.

While these acts were careless, they in no way compromised anyone’s privacy. In fact, I doubt whether a person would ring a company to say that they had been left a voicemail meant for somebody else if there hadn’t been the hysteria prior to GDPR’s introduction.

The law seems to make no distinction between the genuine mistakes that I have just described and selling people’s data without permission. This has got many employers running scared.

My employer made reference to the eye-watering fines that can be levied rather than the invasion of customer privacy.

In practice, the courts would make a distinction. I doubt my employer would be bankrupted by my actions if they ever came to court.

The ‘information campaign’ that preceded the introduction of the legislation deliberately exaggerated the effects of breaches of the act and, of course, that kind of thinking helps the capitalists.

Personal data under capitalism has become a commodity in the same way as sugar or bananas and therefore is regulated.

I wouldn’t be surprised if the legal profession were lobbying for such legislation in the anticipation of a few lucrative and high-profile court cases.

The publicity from the Information Commissioner’s Office accepts that the vast majority of transgressions will be the result of common distractions and lack of concentration.

They will give away no information, not make anyone more liable to being blackmailed or lead to anyone’s relationship breaking down.

Yet many employers will take decisions on what was highly unlikely to happen rather than the real effects of individual acts of carelessness.

The majority of cases of loss of personal data have been caused by managers and those in senior roles.

Managers are far more likely to have contacts interested in buying confidential information and are much more likely to have access to such data in the first place.

Every company that has been in the embarrassing position of ‘losing’ personal data is still trading.

It really is hypocritical of capitalist governments to pass laws supposedly defending the right to privacy while stepping up the surveillance state often targeting left-wing activists and trade unionists as ‘the enemy within’.

It is doubtful whether this legislation would have had the same reach if there had been a bold and combative trade union movement prepared to take on the bosses.

GDPR should be abolished and replaced with legislation that genuinely protects our privacy without punishing workers for making human mistakes.