Almost half of UK retail workers unsure of how to handle data in line with GDPR

News
By published

UK businesses are failing on GDPR training

GDPR
Image Credit: Pixabay (Image credit: Pixabay)
  • Around half of UK retail workers don't feel confident with GDPR tasks
  • One in five haven't received formal compliance training
  • Many workers can't remember what their training involved

Nearly half (44%) of UK retail workers say they're not confident in handling sensitive customer data or don't know how to process it correctly, raising potential compliance issues, per Virtual College research.

According to the data, nearly one-fifth (19%) of retail workers have never received formal compliance training despite handling customer banking details, contact information and other personal data daily.

And those who have been trained say it's been sporadic without regular updates – only one in three (30%) have been trained within the last six months, with a further 11% trained 7-11 months ago.

Latest Videos From

Retail workers aren't up to speed on GDPR

The report raises questions around the frequency and effectiveness of such training, because nearly one in five (17%) couldn't remember what their last compliance training covered. Only 13% say it covered safeguarding.

And while training is still being delivered to many, only around half (49%) say they'd feel 'somewhat confident' in responding correctly to a compliance situation.

This data also comes at a similar time to Government data revealing that more than two in five (43%) businesses have experienced some kind of cyber breach or attack in the past 12 months, highlighting the vulnerability of personal and sensitive information.

"Ongoing, bite-sized training keeps compliance knowledge fresh and helps employees stay confident in fast-changing regulatory environments," Business and Strategy Director Jamie Ashforth wrote, urging employers to conduct regular audits to identify gaps.

Per the report, UK companies paid £490 million in compliance failure fines in 2025, but broader impacts of regulatory investigations and knock-on reputational damage are also highly plausible outcomes.

Ashforth suggests businesses should prioritize high-risk compliance areas first, including data protection and safeguarding. "Clear processes and regular reinforcement give employees the confidence to raise concerns and act appropriately when issues arise."

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.