breach of personal information

[JRSA]

I am wondering if this is a breach of personal data ... pls be so kind as to advise .... a colleagues personal HR file was left in an office with all staff having access into the office .... just lying on the desk for all and sundry to acces if they wanted .... with a handwritten note from the manager for the employee to complete a form inside the file .... it was lying there for three days .... when the employee came in and saw it on the desk ... they were quite upset as all their data was in the file which consisted of all pesonal data , banking data , HR dox and references and anything pertaining to that employee ... is this a norm or is it a breach ....the employee removed the file and has it in their possession ... no one has even enquired about it missing etc ... by the way this is a huge company not a small mom and pop business ....

Yes it's a breach. I'm very confused why a large company has paper files though - it should be all digital with restricted access.

That’s a breach of GDPR guidelines and should be reported in case any financial information has been stolen. It sounds like HR should arrange for training for the managers. And why did HR release the file to begin with?

yip ... they still have the paper trail .... and why would the manager have that employee's file as the employee does not fall under the division of that manager but this really happened ...

your guess is as good as anyones why the file was released to a bottomfeeder manager and why they would even be handling anything with that employee as the employee falls under a different division

Usually there is a Data Protection Officer in the company who you report incidents to for investigation.

You must report this as security breach. There should be a specified route how to do it.