Data Protection in the workplace: Why it’s more than a tick-box exercise

When people hear data protection, they often think of cookie banners, privacy notices, or tedious compliance training. But treating it as a tick-box exercise is exactly what leaves businesses and people vulnerable.
On the Lunch at Work podcast, Siobhan Coetzer, Senior Legal Counsel at WSH Group, shared why data protection is more than IT security. It’s about protecting people, building trust, and embedding habits across an organization.
Why Data Protection is important for businesses
Every employer holds huge amounts of personal data:
- Names, addresses, and phone numbers
- National insurance and bank details
- Beneficiaries and next of kin
- HR and payroll information
If that data falls into the wrong hands, the results can be devastating: identity theft, fraud, financial loss, or reputational damage.
Hackers don’t count on ignorance. They count on trust. A single click on a familiar-looking email can give them exactly what they need.
“Data equals trust. If you take away trust, it’s really hard to gain it back.”
Common Data Protection mistakes businesses make
Many organisations approach compliance as a one-off task: draft some policies, add a privacy notice, hand it to IT. That mindset is one of the biggest risks.
According to Siobhan, businesses often get it wrong by:
- Treating data protection as a siloed IT or legal issue.
- Failing to embed processes into daily operations.
- Not providing ongoing, role-specific training.
- Ignoring the need for top-down and bottom-up accountability.
Instead, data protection must be seen as a living process, something that evolves with legislation, technology, and workplace culture.
What happens if you click on a suspicious link?
- Ransomware attacks can lock entire systems and halt operations.
- Regulatory fines from data protection authorities can cost millions.
- Reputational damage can erode client and team trust overnight.
- Resource strain pulls senior leaders and teams away from core work.
As Siobhan explained, regulatory fines make headlines, but reputation is what’s hardest to recover.
Practical Data Protection tips for employees
- Use strong, unique passwords and consider a password manager.
- Lock sensitive documents away at home (wills, IDs, financial records).
- Limit access — only share information with those who need it.
- Have a response plan — know how to freeze cards or wipe devices if lost.
- Stay vigilant with emails — pause before clicking, opening, or forwarding.
- Lock your laptop or screen every time you step away.
- Use BCC in emails when sending to multiple recipients.
“Think of your data like your house keys,” Siobhan said. “You wouldn’t hand them to just anyone, so don’t do it with your data.”
How to build a Data Protection culture at work
Policies and processes only work when they become habits. Locking screens, double-checking recipients, and reporting suspicious emails shouldn’t feel like burdens; they should be part of everyday culture.
- Running continuous awareness campaigns.
- Encouraging employees to report suspicious activity (without fear).
- Investing in tools and systems that make compliance easier.
- Holding leadership accountable for setting the tone.
Ultimately, data protection is everyone’s responsibility, from IT to HR to front-of-house staff.
Data Protection FAQs
What is data protection in simple terms?
Data protection is how businesses and individuals safeguard personal information — ensuring it’s used correctly, kept secure, and not accessed by the wrong people.
Why is data protection important in the workplace?
Because employees, clients, and suppliers trust organisations with sensitive details. Mishandling that information can cause financial, legal, and reputational harm.
What is the biggest risk to data security?
Human error. The UK’s data regulator (ICO) reports that the top causes of breaches are emails sent to the wrong person and team members clicking on phishing links.
How can I protect my personal data?
Use strong passwords, limit who has access to your information, lock devices when unattended, and be cautious about sharing or clicking online.
Final thoughts
Data is more than numbers in a system — it’s people. And just like gold or oil, it has become a commodity. Businesses that treat it as a tick-box compliance task miss the bigger picture: protecting data means protecting trust.
“It’s not just about policies. It’s about how we respect each other’s information every single day.”
👉 This episode of the Lunch at Work podcast was powered by BM Caterers. Contact BM to start your journey to a better workplace experience.