"The Great Employee Turnover”
58% of Europeans say they are considering changing jobs, according to a LinkedIn survey of approximately 9,000 workers. This trend is referred to as “The Great Employee Turnover” or “The Great Reshuffle” and it is taking place across the globe. This blog is about how changing employees affects your business and your sensitive data.
The cost of employee turnover overall
The cost of employee turnover is high: Interviewing, onboarding and training replacements; lost productivity, interruption of services, and so much more. Let’s add to that list a cost that is not always considered; lost and misplaced personal data.
Employee turnover and lost personal data
Employee turnover puts your customers’ personal data at risk for several reasons. As employees move to new homes, they may (accidentally or intentionally) take your customers’ sensitive personal data with them on personal devices or cloud apps. They may leave it unattended, in unknown storage locations. Such data could fall outside the protection of your data privacy and security protocols. It will also be unavailable for company use.
The potential for lost and leaked data may be the most expensive problem associated with employee turnover. Data breaches are expensive. Data breach fines and associated losses have a total average cost of $4.24 million USD (€4.09 EUR) per data breach. That is enough to bankrupt a small business.
Educate employees and prevent data loss
It is not unusual for employees to store data in the wrong places, especially if you do not have clear protocols for data protection and storage. This puts you in a problematic situation in connection with personal data protection in the event of employee replacement. When an employee has left your company, it will be impractical and somewhat absurd to call them at their new workplace when you need to find a piece of personal data. You should therefore focus on preventing data loss through secure procedures and awareness.
Start your GDPR cleanup where it is needed the most
Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.
Find out who stores what, and where
Start by finding out which employees store what personal data and where. All personal data should be listed and monitored by your CISO or DPO. List all the sensitive and personal data you store and categorise it by:
- Risk level
- Type
- Location
- Access
Discover data silos and dark data
Departments and individuals within your company may store high risk data in a way that isolates it and conceals security vulnerabilities. You need to uncover this type of “dark data” buried in “data silos” that may otherwise fall outside your security protocols.
Develop a data privacy strategy
Mapping all your data accurately makes it easy to develop a data privacy strategy. Once you know the categories of data your team stores, decide:
- Where each type of data should be stored
- Who should have access to each type of data
- How long each type of data should be retained
Monitoring all your files will help you implement data loss prevention policies that will protect all the personally identifiable information, sensitive corporate intellectual property, and other valuable data your team stores.
Losing an employee? Do this before they go to prevent data loss.
Hopefully, when an employee does leave, they will give you a couple of weeks’ notice. As you make plans to fill their position and cover their responsibilities, make sure you also get an inventory of the company data they store to make sure it is protected and handed off to the departments that need it. You could assign someone to help the employee who is leaving go through the personal data they store.
This is rather labor-intensive, and it is not easy to be sure you will find everything. Using automated data discovery is a more accurate (and much quicker!) way to make sure you find all the data that needs to be cleaned up or handed over safely to someone else. If you use automated data discovery, invite the employee who is leaving to join now.
- Select the local, cloud and email storage you want them to scan for sensitive data
- They should select and authenticate folders in those locations and start the scan
- Their results will appear on their dashboard + your admin dashboard
This gives you an easy overview of the company data that the employee collected while they worked for you. Files should automatically be classified by type, risk level, and location. Review the files you find. Zoom in on important data and eliminate files that are redundant, obsolete, or trivial.
Export and share important files with another employee
Move or delete sensitive files stored in the wrong location
Give special attention to high-risk files stored on local drives, email folders and other vulnerable locations. This may be your last chance to salvage or delete them! You can export important files to share them with someone else, delete files that are no longer needed, and more. This is a quick way to make sure your valuable data stays where it should be when an employee leaves.
Best practices for data privacy include performing this simple data inventory process for all your employees regularly. Then, repeat it any time you know you may lose a member of your team. Make sure you find out who has what data before someone walks out the door with it. Automated data inventory makes this much easier, and will free you up to concentrate on keeping your business running smoothly during times of employee churn.
Get our Newsletter!
In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.
When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.
An easier way to protect data when you have employee turnover
Staff turnover is a factor you cannot fully control. But you can minimise the risk of error, mismanagement and misconduct associated with employee replacement by using a data discovery tool to make an inventory of the employee’s data. In Safe Online, we have developed the data discovery tool, DataMapper.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →