Most UK boards neglecting GDPR compliance

IT decision-makers have reported inadequate levels of sponsorship from the C-suite, despite the General Data Protection Regulation (GDPR) deadline next May.


More than two-thirds (69%) of board-level executives are neglecting to ensure the UK businesses they run will comply with the General Data Protection Regulation (GDPR), according to new research conducted by Calligo.

The survey took in the views of 500 IT decision-makers at companies with more than 100 employees and £15m turnover, and examined how businesses are preparing for the new regulation.

Less than one-third (31%) of respondents said they had governance sponsorship for GDPR at board level, while just 9% said their compliance departments were giving them full support.

This lack of interest at the top level comes despite more than six-in-ten (62%) respondents agreeing that the new regulation would affect the profitability of their business, including almost a fifth (19%) who said the impact would be negative.

The survey found that only 36% of manufacturing companies have appointed and resourced a ‘data protection officer’ or equivalent, despite this being a requirement of the GDPR for medium-sized and larger businesses.

On average, organisations said they will employ 10 people on the task of achieving GDPR compliance, with the healthcare sector proving the most committed, devoting an average of 26 employees. This compares with averages of nine in IT and telecoms and four in arts/culture.

What is GDPR?

In less than 12 months, the General Data Protection Regulation will come into effect in the European Union – representing a significant change to how businesses handle data.

The deadline for compliance is May 25, 2018 and any company found to have subsequently failed to handle data in the correct manner risks severe penalties. A challenge for manufacturers, particularly those who gather and have been gathering large volumes of data, is that GDPR applies not only to data collected post-25 May, but retrospectively as well.

As such, an organisation’s C-level executives must get to grips with what the legislation means to their business, ensuring that data is being handled and stored in full compliance.