Lesson 2.5: GDPR and Confidentiality

Protecting Privacy and Handling Information Properly

Whether you’re working front-of-house or managing crowd control, you’ll often have access to personal information: names, shift details, venue access codes, incident reports, even overheard conversations.

At DIMA Group, we take confidentiality and data protection seriously. That means you need to know how to handle sensitive info the right way — and avoid putting the business or individuals at risk.

What You Must Not Do

Never give out names, phone numbers, shift patterns, or personal details — even if asked by someone who “seems legit.”

Never discuss incidents, clients, or internal issues on social media, in WhatsApp groups, or with friends and family.

Never take selfies on shift, post team photos without consent, or film guests, venues, or incidents.

If you jot something down (e.g., staff names, medical info, codes), dispose of it securely or hand it in.

What You Should Do

Treat all personal and company information as private. If you don’t need it, don’t keep it.

Only use approved apps or systems (like WhatsApp groups or shift portals) to share information — and only when necessary.

If a phone is lost, a document is left behind, or confidential info is accidentally shared — report it to a DIMA manager ASAP.

If you use your phone for work, make sure it’s password-protected and doesn’t store confidential info long-term.

A Quick Note on GDPR

GDPR (General Data Protection Regulation) is a UK law that protects people’s personal data. Under GDPR, you must:

  • Only access data if you have a reason to
  • Never share data without permission
  • Keep any personal info secure and private

Breaching GDPR can result in serious consequences for you and the company.