Large companies least likely to engage with data protection and privacy regulations

Large companies least likely to engage with data protection and privacy regulations

There is a lack of board room engagement and knowledge in large organisations around the impact of privacy and data protection regulation, compared to their counterparts in smaller organisations according to new research by The DPO Centre. Over 400 data protection experts were asked how well senior leaders of their organisation, as well as all other employees, understood and engaged with privacy issues such as accountability, compliance and data security.

Across all areas of privacy and data regulation, the privacy experts working at the largest organisations in the UK, with over 10,000 employees, rated their senior team as the worst at engaging with and understanding privacy laws.  For example when asked how senior leaders understood and engaged with the issue of data retention, including GDPR the average score given across all companies was 5.9 out of 10, but organisations with more than 10,000 employees only scored  4.2 out of 10.

Senior leaders in companies with over 1,000 employees were rated the least likely to understand the impact of and engage with the issue of accountability and the need to demonstrate compliance according to their in-house experts who rated them 5.4 out of 10. This was significantly lower than those working in medium-sized companies who rated their senior teams an average of 7.1 out of 10.

Worryingly, this lack of engagement in senior teams at large organisations is replicated through all levels of an organisation. When privacy experts were asked  ‘To what degree do you think staff in your organisation recognise the importance of data protection and privacy regulations and how they apply?’, the results show that respondents from medium and smaller-sized companies were more likely to say that employees recognise the importance of privacy and data protection regulation.

Companies with under 1,000 employees were more likely to score 7 or higher, with those with 500-1,000 employees getting an average score of 7.7. By comparison, larger companies received scores far lower on average, with organisations with more than 5,000 employees only scoring an average of 6.2 out of 10.

Rob Masson, CEO at The DPO Centre, said: “Our research clearly highlights that it is the larger companies that are struggling to engage with privacy and data protection regulation, not only amongst their senior leaders but also their wider staff.

“Data protection and privacy is a boardroom issue, and senior management need to lead by example to ensure that data protection is taken seriously throughout all levels of the organisation. Going forward, privacy and data protection issues are increasingly becoming the cornerstone of doing business, so cultivating great staff awareness and a culture of compliance is going to be essential for businesses of all sizes.”

Note: Research conducted by The DPO Centre and the Data Protection World Forum amongst privacy experts in July 2021