
Boardrooms across the UK are too complacent and many are failing to take the new data protection rules seriously, according to joint research by Trend Micro and Opinium.

The global survey of over 1,000 IT leaders produced the following key findings:

  • 88% of UK firms felt their data was as secure as it could be (global average - 79%)
  • Only 57% of firms have a process in place to notify the data authority within 72 hours of data breaches
  • Most (73%) were unaware of the colossal fines (up to €20 million or 4% of global annual turnover) for non-compliance, and more than a quarter (28%) claimed fines "wouldn't bother them"
  • 60% cited reputational damage as one of the biggest impacts of a data breach
  • There was poor understanding of the basic principles - 79% of UK businesses (global average 64%) didn't know that a customer's date of birth was classed as personal data and 56% wrongly thought that email marketing databases were not personal data
  • Just 19% of firms had a C-level executive engaged in GDPR and only 10% had a board-level manager, with the IT department in charge in 61% of cases
  • Despite their obligation to use appropriate technical measures to manage the risks, only 25% of UK businesses had invested in technology to identify intruders on their IT network, just 27% had invested in encryption technologies, and only 30% had implemented data leak prevention technology
  • Only 11% knew that their firm would be held jointly responsible in the event of EU personal data being lost by a US service provider processing it on their behalf

Use this checklist to help move GDPR up the boardroom agenda in your firm:

  1. Get the tone from the top right - If you haven't already, consider holding events and roadshows, creating resources, or organising presentations by the CEO and board to create awareness and demonstrate your commitment to data protection at the highest level. If it matters to you, then it will matter to everyone else across the organisation.
  2. Appoint a dedicated Data Protection Officer, if required - with responsibility for data protection compliance right across the organisation. Consider how they will operate within your existing organisational structure, the responsibilities they should have (e.g. liaising with regulatory bodies, board-level reporting, providing training) and governance issues.
  3. Be proactive and aim for data protection by design - Think about how you might integrate data protection into all your processes so data protection and privacy issues are prioritised from the start. Carry out and document Data Protection Impact Assessments (DPIAs) or Privacy Impact Assessments (PIAs) to strengthen protections for individuals.
  4. Measure and mitigate the risk - As a board, be sure to spend time discussing your cybersecurity and information security issues. What is your risk profile, your attitude to different risks, and appetite in respect of data breaches? Are cyber security and information security issues included in your risk register? Are there named risk owners and specialist teams to track and manage the risk? What role do Audit and Compliance play now and how will this change in future?
  5. Accept accountability - Be in no doubt. Significant fines can be imposed on firms that don't comply. Cyber security was never just an IT issue, and under GDPR it can no longer be treated as one. The stakes are high and it's time to step up. Are you ready?
