Almost Half Of Uk Retail Workers Unsure Of How To Handle Data In Line With Gdpr

• Around half of UK retail workers don't feel confident with GDPR tasks
• One in five haven't received formal compliance training
• Many workers can't remember what their training involved

Nearly half (44%) of UK retail workers say they're not confident in handling sensitive customer data or don't know how to process it correctly, raising potential compliance issues, per Virtual College research.

According to the data, nearly one-fifth (19%) of retail workers have never received formal compliance training despite handling customer banking details, contact information and other personal data daily.

And those who have been trained say it's been sporadic without regular updates – only one in three (30%) have been trained within the last six months, with a further 11% trained 7-11 months ago.

Retail workers aren't up to speed on GDPR

The report raises questions around the frequency and effectiveness of such training, because nearly one in five (17%) couldn't remember what their last compliance training covered. Only 13% say it covered safeguarding.

And while training is still being delivered to many, only around half (49%) say they'd feel 'somewhat confident' in responding correctly to a compliance situation.

This data also comes at a similar time to Government data revealing that more than two in five (43%) businesses have experienced some kind of cyber breach or attack in the past 12 months, highlighting the vulnerability of personal and sensitive information.

"Ongoing, bite-sized training keeps compliance knowledge fresh and helps employees stay confident in fast-changing regulatory environments," Business and Strategy Director Jamie Ashforth wrote, urging employers to conduct regular audits to identify gaps.

Per the report, UK companies paid £490 million in compliance failure fines in 2025, but broader impacts of regulatory investigations and knock-on reputational damage are also highly plausible outcomes.

Ashforth suggests businesses should prioritize high-risk compliance areas first, including data protection and safeguarding. "Clear processes and regular reinforcement give employees the confidence to raise concerns and act appropriately when issues arise."