
    Tone from the top: 5 ways to move GDPR up the boardroom agenda

    Published on 15 Dec 2017 by Lynne Callister


    Boardrooms across the UK are too complacent and many are failing to take the new data protection rules seriously, according to joint research by Trend Micro and Opinium.

    Key findings from a global survey of over 1,000 IT leaders:

    • 88% of UK firms felt their data was as secure as it could be (global average - 79%)
    • Only 57% of firms have a process in place to notify the data authority within 72 hours of data breaches
    • Most (73%) were unaware of the colossal fines (up to €20 million or 4% of global annual turnover) for non-compliance, with a quarter (28%) claiming fines "wouldn't bother them"
    • 60% cited reputational damage as one of the biggest impacts of a data breach
    • There was poor understanding of the basic principles - 79% of UK businesses (global average 64%) didn't know that a customer's date of birth was classed as personal data and 56% wrongly thought that email marketing databases were not personal data
    • Just 19% of firms had a C-level executive engaged in GDPR and only 10% had a board-level manager, with the IT department in charge in 61% of cases
    • Despite their obligation to use technologies to manage the risks, only 25% of UK businesses had invested in technology to identify intruders on their IT network, just 27% had invested in encryption technologies, with 30% implementing leak prevention technology
    • Only 11% knew that their firm would be held jointly responsible in the event of EU data loss by a US service provider 

    Help move GDPR up the boardroom agenda with this checklist

    1. Get the tone from the top right - If you haven't already, consider holding events and roadshows, creating resources, or organising presentations by the CEO and board to create awareness and demonstrate your commitment to data protection at the highest level. If it matters to you, then it will matter to everyone else across the organisation.
    2. Appoint a dedicated Data Protection Officer, if required - with responsibility for data protection compliance right across the organisation. Consider how they will operate within your existing organisational structure, the responsibilities they should have (e.g. liaising with regulatory bodies, board-level reporting, providing training, etc.), and governance issues.
    3. Be proactive and aim for data protection by design - Think about how you might integrate data protection into all your processes so data protection and privacy issues are prioritised from the start. Carry out and document Data Protection Impact Assessments (DPIAs) or Privacy Impact Assessments (PIAs) to strengthen protections for individuals.
    4. Measure and mitigate the risk - As a board, be sure to spend time discussing your cybersecurity and information security issues. What is your risk profile, your attitude to different risks, and appetite in respect of data breaches? Are cyber security and information security issues included in your risk register? Are there named risk owners and specialist teams to track and manage the risk? What role do Audit and Compliance play now and how will this change in future?
    5. Accept accountability - Be in no doubt. Significant fines can be imposed on firms who don't comply. Cyber security never was just an IT issue, and under GDPR it can no longer be treated as one. The stakes are high and it's time to step up. Are you ready?

    Want to know more about GDPR?

    As well as 30+ free compliance training aids, we regularly publish informative GDPR blogs. And, if you're looking for a training solution, why not visit our GDPR course library.

    If you've any further questions or concerns about GDPR, just leave us a comment below this blog. We are happy to help!
