Research by The DPO Centre reveals that senior leaders in large organisations are less likely to understand the impact of privacy and data protection regulation or engage with it, compared to their counterparts in smaller organisations.
Over 400 data protection experts were asked how well they thought the senior leaders in their organisation understood the impact of and engaged with the issue of accountability and the need to demonstrate compliance. Experts working in companies with over 1,000 employees rated their senior teams an average of 5.4 out of 10. This was significantly lower than those working in medium-sized companies, who rated their senior teams an average of 7.1 out of 10.
Similarly, when asked the same question about how senior leaders understand and engage with the issue of data retention, the average score given across all companies was 5.9 out of 10. Organisations with 10,000+ employees scored the lowest with an average of 4.2 out of 10.
Finally, looking at the question: ‘To what degree do you think staff in your organisation recognise the importance of data protection and privacy regulations and how they apply?’, the results show that respondents from medium and smaller-sized companies were more likely to say that employees recognise the importance of privacy and data protection regulation.
Companies with under 1,000 employees were more likely to score 7 or higher, with those with 500-1,000 employees getting an average score of 7.7. By comparison, larger companies received scores far lower on average, with organisations with more than 5,000 employees only scoring an average of 6.2 out of 10.
Rob Masson, CEO at The DPO Centre, said: “Our research clearly highlights that it is the larger companies that are struggling to engage with privacy and data protection regulation, not only amongst their senior leaders but also their wider staff.
“Data protection and privacy is a boardroom issue, and senior management need to lead by example to ensure that data protection is taken seriously throughout all levels of the organisation. Going forward, privacy and data protection issues are increasingly becoming the cornerstone of doing business, so cultivating great staff awareness and a culture of compliance is going to be essential for businesses of all sizes.”