Board-level executives are neglecting to ensure the UK businesses they run will comply with the General Data Protection Regulation (GDPR), according to new research from Calligo.
The figures were in a survey of 500 IT decision-makers in companies with more than 100 employees and £15 million turnover, examining how businesses are preparing for the new regulation.
Only 31 percent of respondents said they had governance sponsorship for GDPR at board level, while just 9 percent said their compliance departments were giving them full support. This lack of interest at the top level comes despite more than six out of ten (62 percent) respondents agreeing that the new regulation would affect the profitability of their business, including 19 percent who said the impact would be negative.
“It is worrying to see signs that GDPR governance does not have the full attention of so many C-level executives,” said Julian Box, CEO, at Calligo. “Too many of those at the top think it is all about security, when that is only a part of it. The deadline for compliance is May 25th next year and any company that subsequently fails to handle data in the correct manner risks the severe penalties stipulated in the regulation. The top people in every organization need to get to grips with this challenge, ensuring that their data is being stored and handled in full compliance.”
The survey found that only 43 percent of companies have appointed and resourced a data protection officer, despite this being a requirement of the GDPR for medium-sized and larger businesses. In IT and telecoms, the figure is just 37 percent, while in manufacturing and utilities it is just 36 percent.
On average, organizations said they will employ 10 people on the task of achieving GDPR compliance, with healthcare sector proving the most committed, devoting an average 26 employees. This compares with averages of nine in IT and telecoms and four in arts and culture.For a full report on the Calligo research findings go to www.calligo.cloud/gdpr/ebook