- Around half of UK retail workers do not feel confident with GDPR tasks
- One in five have not received formal compliance training
- Many workers cannot remember what their training consisted of.
Almost half (44%) of UK retail workers say they are not confident in handling sensitive customer data or do not know how to process it correctly, raising potential compliance issues, according to research from Virtual College.
According to the data, almost a fifth (19%) of retail workers have never received formal compliance training despite handling customers’ banking details, contact information and other personal data on a daily basis.
And those who have received training say it has been sporadic and without regular updates: only one in three (30%) have received training in the last six months, and another 11% did so between 7 and 11 months ago.
Retail workers are not up to date with GDPR
The report raises questions about the frequency and effectiveness of such training, because almost one in five (17%) could not remember what their last compliance training covered. Only 13% say it covered the safeguard.
And while many still receive training, only about half (49%) say they would feel “somewhat confident” about responding correctly to a compliance situation.
This data also comes at a similar time to Government data revealing that more than two in five (43%) businesses have experienced some type of breach or cyber attack in the last 12 months, highlighting the vulnerability of personal and sensitive information.
“Continuous, brief training keeps compliance knowledge up-to-date and helps employees maintain confidence in rapidly changing regulatory environments,” wrote Director of Business and Strategy Jamie Ashforth, urging employers to conduct regular audits to identify gaps.
According to the report, UK companies paid £490 million in fines for non-compliance in 2025, but the wider impacts of regulatory investigations and reputational damage are also very plausible outcomes.
Ashforth suggests that companies should prioritize high-risk areas of compliance first, including data protection and safeguarding. “Clear processes and regular reinforcement give employees the confidence to raise concerns and act appropriately when issues arise.”
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
