Get peace of mind before the vacation period – minimise the potential risk of GDPR incidents


Many people are off work at the same time during the summer holidays. This applies both within your company and at the external parties that you work with. To give your employees the best conditions to be truly off work as planned, and to support those who are providing backup for their colleagues, here are a few critical points to bear in mind to ensure integrity and security over the summer.

Prepare documentation regarding authorised contact details

Fraud involving personal data is common and credible. During the vacation period, we’re all extra vulnerable to accidentally sharing personal data in various situations. Perhaps a colleague feels stressed about going on holiday, or a relatively new employee feels uncertain about how to respond to customers’ or colleagues’ questions regarding sensitive information. 

That’s why it’s important to have up-to-date documentation in place regarding authorised contact details, both for internal and external people and roles. The documentation must clearly state who your contact persons are with your customers and suppliers, and who has the authority to distribute certain information and services.  

In cases when your customers or suppliers request certain information from you, also include in the documentation what type of questions you are allowed to answer, what type of orders for services you can accept, and who has the authority to respond to these information requests.

Inadequate documentation regarding your contact persons and their authorisations creates a risk of information reaching the wrong people. As an employer, it’s your responsibility to protect the personal data of your staff and customers. 

If personal data is shared with an unauthorised person, a personal data incident has occurred. This means that certain measures must be taken urgently, including deciding whether the incident needs to be reported to the Swedish Authority for Privacy Protection. According to the GDPR, you need to ensure that you have internal procedures for dealing with incidents like this.

Increased risk of fraud

Fraud is commonly linked to payments. For example, someone may pretend to be another person and request payments to be made to them. If you have clarified your authorised contact details, as mentioned above, you minimise the risk of falling for various types of fraud and of payments reaching the wrong person. By having clear procedures for supplier payments or changes to employees’ bank account numbers, you avoid personal data being handled incorrectly.

Before the holidays, why not investigate where in your work processes you may have an increased risk of fraud?

Risk of personal data incidents 

During the holidays, it’s easy for us to deviate from established procedures that are in place to ensure that information such as personal data is handled correctly. It may be because regular staff are not on site, because there are fewer staff to coordinate with, or because you’re feeling under more pressure. In these cases, there’s an increased risk of personal data incidents occurring. So how can you minimise the risks?

  • Have clear documentation in place regarding authorised contact details, both for internal and external people.
  • Work actively to avoid collecting too much data. In other words, work according to the data minimisation principle stated in GDPR. 
  • Ensure that you have a good procedure in place for protected personal data to ensure it is handled securely, i.e. that data is only accessible to authorised persons and that data is only disclosed if it has been ensured that the recipient is authorised.
  • Clarify procedures for dealing with matters via phone call. Here too you need to have a procedure that ensures that data is only disclosed once it has been ensured that the recipient is authorised.
  • Always be extra careful if you handle data about children as such data belong to special categories of personal data.
  • Train your staff about your procedures, phishing emails, and fraud before the summer.

Book a meeting with relevant contact persons

In order for both you and your colleagues or external contact persons to have peace of mind regarding the smooth supply of services to your customers during the summer months, we recommend that you book a meeting with relevant customers and external partners in order to agree on current contact details and any authorisations.

