69% of CFOs in Ireland are completely unaware of key data protection regulation (GDPR) that is set to massively affect their organisations, despite the threat of fines amounting to €20,000,000 per organisation – or 4% of global turnover – according to a recent survey commissioned by BT Ireland.
The survey highlights the critical need for organisations to ensure adequate budgets are reserved for compliance with GDPR, a far-reaching new pan-EU regulation which greatly magnifies protection for the personal data of EU citizens.
The findings also noted that, despite the low level of awareness, overall responsibility for data protection and compliance has become an increasing part of the CFO role, with 30% of CFOs having the final sign-off on IT spend versus 26% of Chief Information Officers (CIOs).
Within the articles of GDPR, which was approved in April 2016 and is due to take effect on May 25th 2018, the question of responsibility for data protection is addressed in terms of an amplified “Data Protection Officer” (DPO) role.
In its newly defined form, the DPO role will combine the need to understand and ensure that technical IT processes are adequate for GDPR with the more traditional ‘compliance officer’ remit. The result is a much more hybrid role which, the GDPR demands, must include a reporting line to the “very highest level” of the organisation.
Placing data protection firmly at the door of Board-level governance, the GDPR is expected to create a root-and-branch overhaul of technical systems, policies and supplier relationships, wherever personal data is present in a company’s operational process.