NJORD Estonia: Protect your client, employee, and yourself – teach employees data protection
Recently, the Data Protection Inspectorate published news that a police officer and a medical officer each received a misdemeanour fine for looking up personal data out of curiosity. Such a fine may not be large, but it can still be significant from the employee's perspective.
An employee's violation is also a sign that the employer is not complying with data protection requirements, i.e. the employer is also at risk of receiving a fine. A breach may occur, or be caused, in several ways: when an employee has no need to view the personal data of others (e.g. clients) but access is not technically or physically restricted in any way and the employee views the data anyway; when an employee uses a co-worker's account to gain access; when an employee shares personal data outside the company; or even when an employee opens a link in a phishing e-mail or uses the employer's tools on an insecure network.
To prevent breaches, i.e. to protect data properly and thereby protect clients, employees and the employer, it is important that the employer pays attention to data protection and sets clear restrictions (e.g. access restrictions), rules and guidelines. Training and explanation are even more important: when employees understand the rules and requirements, they find them easier to follow and their necessity becomes clearer. Once the rules are in place, the boundaries are clear and the employees clearly understand the requirements, a breach is less likely to occur.