Retail Workers Show Significant Uncertainty Over Data Protection Compliance
A substantial portion of the UK’s retail workforce is expressing a lack of confidence when it comes to handling sensitive customer data in accordance with data protection regulations. New research indicates that nearly half of these employees are unsure about the correct procedures for processing personal information, potentially exposing businesses to compliance issues.
Training Gaps Highlighted by New Findings
The investigation reveals that a significant minority, approximately 19%, of retail employees have not received any formal compliance training. This is despite the fact that these individuals routinely handle customer banking details, contact information, and other personal data on a daily basis. For those who have undergone training, the effectiveness and recency of this instruction are also in question. Only about one-third of trained workers have received updates in the past six months, with an additional 11% having had training between seven and eleven months ago.
Effectiveness and Retention of Compliance Knowledge Questioned
The research further probes the retention of information from compliance training. Astonishingly, almost one in five (17%) of retail staff could not recall the specifics of their last compliance training session, with only a small fraction (13%) indicating that safeguarding was covered. Even among those who have received training, only about half (49%) feel ‘somewhat confident’ in their ability to respond appropriately to a compliance-related situation.
Broader Context of Cyber Threats
These findings emerge at a time when government data shows over 43% of businesses have experienced a cyber breach or attack in the past year. This statistic underscores the vulnerability of personal and sensitive information held by companies across various sectors.
Expert Calls for Continuous, Targeted Training
Jamie Ashforth, Business and Strategy Director, emphasized the importance of ongoing, concise training to keep compliance knowledge current and bolster employee confidence in evolving regulatory landscapes. He advocates for employers to conduct regular audits to pinpoint and address knowledge gaps. Ashforth also noted that in 2025, UK companies incurred £490 million in fines for compliance failures, with the potential for significant reputational damage and the costs associated with regulatory investigations also being substantial risks.
Ashforth suggests that businesses should prioritize high-risk compliance areas, such as data protection and safeguarding. He stated, “Clear processes and regular reinforcement give employees the confidence to raise concerns and act appropriately when issues arise.”
