Mind the GDPR Gap: Board Members at Odds with Management on Level of GDPR Compliance

  • 41% of board-level respondents think they have all of the necessary processes in place to be GDPR compliant, yet only 21% of middle management agree.
  • 56% of board members think they could handle hundreds of RTBF requests, yet only a third of middle management agree.
  • Data duplication is common within firms: 49% of board-level respondents and 31% of middle management thought their organization definitely duplicated customer data.
  • New whitepaper outlines recommendations for bridging this compliance gap and growing a business through better information governance.
Posted on January 23, 2018

Theale (UK), 23rd January 2018 – New research by data security company Clearswift has shown that board members are more confident than management about their organization’s ability to comply with the General Data Protection Regulation (GDPR) in time for the May 25th deadline.

The research, which surveyed 600 senior business decision makers and 1,200 employees across the UK, US, Germany, and Australia, revealed that 41% of board-level respondents think they have all of the necessary processes in place to be GDPR compliant, yet only a quarter of senior management and even fewer middle management respondents (21%) thought the same.

It is important that the board understands the true state of GDPR compliance in order to address any issues in time for the May 25th deadline, and also to identify ways of growing their business through better information governance.

When it came to the right to be forgotten (RTBF), which entitles EU citizens to request that an organization deletes all references to them that it holds, over half (56%) of board-level respondents think that their organization could handle hundreds of requests at once. Yet only a third (36%) of middle management agree.

Not only did the research show a differing opinion between the board and management-level respondents, but it also revealed insights into the extent of data duplication that exists within organizations. For example, 49% of board-level respondents and 31% of middle management thought their organization definitely duplicated customer data.

Two thirds (66%) of board-level respondents and 70% of senior management thought employees in their organization have downloaded work documents to their personal devices (such as a laptop, smartphone or tablet) that they have not subsequently deleted (unintentionally or otherwise).

Dr. Guy Bunker said: “Board-level respondents may have a misplaced confidence when it comes to their organization’s level of GDPR compliance. However, once a board becomes aware that its confidence may be misplaced, then it is immediately one step closer to compliance. By engaging closely with management, the board will have a much clearer and more accurate view of the state of compliance, and will be able to put measures in place to address any issues.”

“Middle management is more likely to have a better view of the data that their organization holds – where it is saved and how it is being used – because they are more familiar with the day-to-day operations and challenges that staff may encounter. For example, if a company doesn’t have its own private file sharing service, then this may drive employees to use third-party sites or download data onto a USB. Management should be encouraged by the board not to filter out ‘bad’ information. For example, if data duplication is rife then the board needs to know so it can address the issue in time for the GDPR deadline.”

Bunker added, “GDPR can be the first step towards better information governance: GDPR compliance is about being able to recognize a particular data set and protect it accordingly. The same processes and technology can be used to protect other types of information that are valuable to your organization. For example, product design documents, price lists, patent applications and even information around service pricing and contract bids.”

Clearswift has published a whitepaper, The GDPR Divide: Board Views vs Middle-Management, based on this research.

Notes to editors:

This research was conducted by technology research firm, Vanson Bourne, on behalf of Clearswift. Over 600 business decision makers and 1,200 employees from the UK, US, Germany, and Australia were polled to map the attitudes of businesses and employees relating to cybersecurity.

About Clearswift

Clearswift’s content-aware, policy-based solutions enable defense, government, healthcare and financial services organizations across the globe to manage and maintain no-compromise data, email, cloud and web security.

US
MRB Public Relations
+1 732 758 1100

EMEA
C8 Consulting
+44 118 334 0220
