
    Boardrooms across the UK are too complacent and many are failing to take the new data protection rules seriously, according to joint research by Trend Micro and Opinium.

    In a global survey of over 1,000 IT leaders, here are some of the key findings:

    • 88% of UK firms felt their data was as secure as it could be (global average - 79%)
    • Only 57% of firms have a process in place to notify the data authority within 72 hours of data breaches
    • Most (73%) were unaware of the colossal fines (up to €20 million or 4% of global annual turnover) for non-compliance, with a quarter (28%) claiming fines "wouldn't bother them"
    • 60% cited reputational damage as one of the biggest impacts of a data breach
    • There was poor understanding of the basic principles - 79% of UK businesses (global average 64%) didn't know that a customer's date of birth was classed as personal data, and 56% wrongly thought that email marketing databases were not personal data
    • Just 19% of firms had a C-level executive engaged in GDPR and only 10% had a board-level manager, with the IT department in charge in 61% of cases
    • Despite their obligation to use technologies to manage the risks, only 25% of UK businesses had invested in technology to identify intruders on their IT network, just 27% had invested in encryption technologies, with 30% implementing leak prevention technology
    • Only 11% knew that their firm would be held jointly responsible in the event of EU data loss by a US service provider

    Use this checklist to help move GDPR up the boardroom agenda in your firm:

    1. Get the tone from the top right - If you haven't already, consider holding events and roadshows, creating resources, or organising presentations by the CEO and board to create awareness and demonstrate your commitment to data protection at the highest level. If it matters to you, then it will matter to everyone else across the organisation.
    2. Appoint a dedicated Data Protection Officer, if required - with responsibility for data protection compliance right across the organisation. Consider how they will operate within your existing organisational structure, the responsibilities they should have (e.g. liaising with regulatory bodies, board-level reporting, providing training, etc.), and governance issues.
    3. Be proactive and aim for data protection by design - Think about how you might integrate data protection into all your processes so data protection and privacy issues are prioritised from the start. Carry out and document Data Protection Impact Assessments (DPIAs) or Privacy Impact Assessments (PIAs) to strengthen protections for individuals.
    4. Measure and mitigate the risk - As a board, be sure to spend time discussing your cybersecurity and information security issues. What is your risk profile, your attitude to different risks, and appetite in respect of data breaches? Are cyber security and information security issues included in your risk register? Are there named risk owners and specialist teams to track and manage the risk? What role do Audit and Compliance play now and how will this change in future?
    5. Accept accountability - Be in no doubt: significant fines can be imposed on firms that don't comply. Cyber security never was just an IT issue, and it can no longer be treated as one. The stakes are high and it's time to step up. Are you ready?
