Why middle management and the board disagree on GDPR

New Clearswift research suggests a difference in opinion on GDPR preparedness between board members and middle management

European Union [EU] flag-lock on top of a map of Europe

A new global research study conducted by Clearswift across the UK, US, Germany, and Australia reveals that just 21 percent of middle management believe they are ready for GDPR. This compares to 41 percent of board members. We speak to Guy Bunker, SVP of products, to get his take on the findings.  

Why do you think there is such a disconnect between the views of middle management and the board when it comes to GDPR?

In essence, the board knows what should be going on (often what they are told is going on). However, the practice is often different, and that’s where the middle management and views from other staff come in. Shortcuts to working processes are frequently done to make things easier for the individual but also frequently create security issues. The classic example is emailing work to the individual’s home email account so they can work on it at home over the weekend. This is where talking to the staff to understand the reality is required to help improve processes without compromising security.

What is the biggest issue here: Should the board be asking more questions or should middle management be more proactive?

There needs to be a "don’t shoot the messenger" attitude coupled with transparency. This is essential to make the workplace more secure. Often the board needs to improve their security as well, but middle management don’t want to say that they are doing anything wrong. Both sides need to ask more questions, respond truthfully and then improvements will occur. This is also true for mistakes – the sooner they are owned up to, the better: "I accidently emailed the accounts to ‘…’, what do we do now?" It was a mistake, perhaps a change in process is required, or new technology to enforce a policy – spending time pointing fingers and playing the blame game is not good for anyone, especially the company and its customers.

Why is the right to be forgotten the biggest challenge for most businesses?

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.