
    Boardrooms across the UK are too complacent and many are failing to take the new data protection rules seriously, according to joint research by Trend Micro and Opinium.

    Here are some of the key findings from a global survey of over 1,000 IT leaders:

    • 88% of UK firms felt their data was as secure as it could be (global average - 79%)
    • Only 57% of firms have a process in place to notify the data authority within 72 hours of data breaches
    • Most (73%) were unaware of the colossal fines (up to €20 million or 4% of global annual turnover) for non-compliance, with a quarter (28%) claiming fines "wouldn't bother them"
    • 60% cited reputational damage as one of the biggest impacts of a data breach
    • There was poor understanding of the basic principles - 79% of UK businesses (global average 64%) didn't know that a customer's date of birth was classed as personal data and 56% wrongly thought that email marketing databases were not personal data
    • Just 19% of firms had a C-level executive engaged in GDPR and only 10% had a board-level manager, with the IT department in charge in 61% of cases
    • Despite their obligation to use technologies to manage the risks, only 25% of UK businesses had invested in technology to identify intruders on their IT network, just 27% had invested in encryption technologies, with 30% implementing leak prevention technology
    • Only 11% knew that their firm would be held jointly responsible in the event of EU data loss by a US service provider 

    Use this checklist to help move GDPR up the boardroom agenda in your firm:

    1. Get the tone from the top right - If you haven't already, consider holding events and roadshows, creating resources, or organising presentations by the CEO and board to create awareness and demonstrate your commitment to data protection at the highest level. If it matters to you, then it will matter to everyone else across the organisation.
    2. Appoint a dedicated Data Protection Officer, if required - with responsibility for data protection compliance right across the organisation. Consider how they will operate within your existing organisational structure, the responsibilities they should have (i.e. liaising with regulatory bodies, board-level reporting, providing training, etc.), and governance issues.
    3. Be proactive and aim for data protection by design - Think about how you might integrate data protection into all your processes so data protection and privacy issues are prioritised from the start. Carry out and document Data Protection Impact Assessments (DPIAs) or Privacy Impact Assessments (PIAs) to strengthen protections for individuals.
    4. Measure and mitigate the risk - As a board, be sure to spend time discussing your cybersecurity and information security issues. What is your risk profile, your attitude to different risks, and appetite in respect of data breaches? Are cyber security and information security issues included in your risk register? Are there named risk owners and specialist teams to track and manage the risk? What role do Audit and Compliance play now and how will this change in future?
    5. Accept accountability - Be in no doubt. Significant fines can be imposed on firms that don't comply. Cyber security was never just an IT issue, and it can no longer be treated as one. The stakes are high and it's time to step up. Are you ready?
