Most, 69pc of board-level executives are neglecting to ensure the UK businesses they run will comply with the General Data Protection Regulation (GDPR), according to new research from Calligo, a cloud services firm.
The figures were in a survey of 500 IT decision-makers in companies with more than 100 employees and £15m turnover, to look at how businesses are preparing for the new regulation.
Only 31pc of respondents said they had governance sponsorship for GDPR at board level, while just 9pc said their compliance departments were giving them full support. This lack of interest at the top level comes despite more than six out of ten (62pc) respondents agreeing that the new regulation would affect the profitability of their business, including 19pc who said the impact would be negative.
Julian Box, CEO, at Calligo, said: “It is worrying to see signs that GDPR governance does not have the full attention of so many C-level executives. Too many of those at the top think it is all about security, when that is only a part of it. The deadline for compliance is May 25 next year and any company that subsequently fails to handle data in the correct manner risks the severe penalties stipulated in the regulation. The top people in every organisation need to get to grips with this challenge, ensuring that their data is being stored and handled in full compliance.”
The survey found that only 43pc of companies have appointed and resourced a DPO (Data Protection Officer), despite this being a requirement of the GDPR for medium-sized and larger businesses. In IT and telecoms, the figure is just 37pc, while in manufacturing and utilities it is just 36pc. On average, organisations said they will employ ten people on the task of achieving GDPR compliance, with healthcare sector proving the most committed, devoting an average 26 employees. This compares with averages of nine in IT and telecoms and four in arts and culture.
The General Data Protection Regulation comes into force across the EU – and including the UK, regardless of Brexit – in May 2018 to standardize the protection of personal data of EU citizens. For a report on the research findings go to www.calligo.cloud/gdpr/ebook.
