The upcoming General Data Protection Regulation (GDPR) has the potential to drive major cultural changes in businesses worldwide, according to a new survey from Veritas that found that 71% of respondents globally plan to incentivize employees to improve data hygiene and take accountability for data compliance.
According to The Veritas 2017 GDPR Report, 88% of organizations around the world plan to drive employee GDPR behavioral changes through training, rewards, penalties and contracts. In Singapore, the number is significantly higher, with 95% of those surveyed in the island state agreeing to drive such changes.
Almost half (47%) of businesses globally will go so far as to add mandatory GDPR policy adherences into employment agreements. In Singapore, 58% share a similar sentiment.
Failure to adhere to contractual guidelines could have significant implications. Nearly half (41%) of global respondents – and more than half (55%) of those surveyed in Singapore – also plan to implement employee disciplinary procedures if GDPR policies are violated. A quarter of businesses globally (25%) would consider withholding benefits – including bonuses – from employees found to be non-compliant, with 31% agreeing to do the same in Singapore. At the same time, 34% of global respondents say they will reward employees for complying with GDPR policies, as those employees are helping to promote proper data governance within their organizations, which can lead to better business outcomes. 38% of local respondents also share the same belief.
GDPR driving cultural changes
The report found that the vast majority of respondents (91% globally, 95% in Singapore) admit that their organization does not currently hold a culture of good data governance or GDPR compliance. However, as indicated above, companies understand that training is critical to driving cultural changes within their organizations.
The majority (63%) of companies believe all employees must receive mandatory training on GDPR policies, with 71% of those surveyed in Singapore sharing similar sentiments.
However, respondents were also quick to identify the types of employees that should be trained: 86% believe the IT department must be prioritized, closely followed by business direction and strategy employees (85%), business development/sales/channel employees (84%), legal employees (82%) and finance employees (82%).
Meanwhile, 92% of companies in Singapore felt that the efforts should be focused on business development/sales/channel employees, followed by IT department (89%), business direction and strategy employees (89%) and legal employees (89%).
“Data is one of the most critical assets within an organization, yet many businesses are struggling to implement good data hygiene practices – and that often starts with employees,” said Mike Palmer, executive vice president and chief product officer at Veritas. “However, our research shows that businesses are getting serious about driving cultural change within their organizations.”
“As businesses consider deploying new processes and policies including training, rewards and updated contracts in support of GDPR compliance, more employees will understand the role they play in protecting their organization’s data. And, for employees that fail to take matters seriously, their bonuses and benefits may be negatively impacted.”
While avoiding stringent regulatory penalties and fines is clearly a driver for improving an organization’s compliance posture, many companies also see major business benefits that go well beyond avoiding such sanctions. The research shows that almost all businesses – 95% globally and 98% locally – see substantial business benefits to achieving GDPR compliance, including better data management across the entire organization.
Detailed information on the report is here [PDF].
An infographic is also available right below this sentence.
Veritas commissioned independent technology market research specialist Vanson Bourne to undertake the research upon which this report is based.
A total of 900 business decision makers were interviewed in February and March across the US, the UK, France, Germany, Australia, Singapore, Japan and the Republic of Korea. The respondents were from organizations with at least 1,000 employees, and could be from any sector. To qualify for the research, respondents had to be from organizations that do at least some business with the EU.