Boardroom (4)

69 per cent of board-level executives are neglecting to ensure the UK businesses they run will comply with the General Data Protection Regulation (GDPR), according to new research from Calligo.

The figures were in a survey of 500 IT decision-makers in companies with more than 100 employees and £15 million turnover, examining how businesses are preparing for the new regulation.

Only 31 per cent of respondents said they had governance sponsorship for GDPR at board level, while just 9 per cent said their compliance departments were giving them full support. This lack of interest at the top level comes despite more than six out of ten (62 per cent) respondents agreeing that the new regulation would affect the profitability of their business, including 19 per cent who said the impact would be negative.

Julian Box, CEO, at Calligo said: “It is worrying to see signs that GDPR governance does not have the full attention of so many C-level executives.

"Too many of those at the top think it is all about security, when that is only a part of it.

“The deadline for compliance is May 25 next year and any company that subsequently fails to handle data in the correct manner risks the severe penalties stipulated in the regulation. The top people in every organisation need to get to grips with this challenge, ensuring that their data is being stored and handled in full compliance.”

The survey found that only 43 per cent of companies have appointed and resourced a Data Protection Officer, despite this being a requirement of the GDPR for medium-sized and larger businesses. In IT and telecoms, the figure is just 37 per cent, while in manufacturing and utilities it is just 36 per cent.

On average, organisations said they will employ 10 people on the task of achieving GDPR compliance, with healthcare sector proving the most committed, devoting an average 26 employees. This compares with averages of nine in IT and telecoms and four in arts and culture.

The GDPR Summit London, the UK’s largest GDR Conference, is being held on January 30th. This one-day deep-dive event will explore the effects of the General Data Protection Regulation on business critical processes. Click here to learn more.