Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Organisation’s ’keep everything’ culture putting them at risk of GDPR punishment

June 2017 by Iron Mountain

The deadline for complying with the new General Data Protection
Regulation (GDPR) is just a year away, yet the majority of businesses are struggling
to implement good information governance because they fail to engage employees to
help establish and enforce an organisation-wide policy for dealing with information.
According to the latest study from Cohasset Associates and ARMA International, a
’keep everything’ culture persists at 81% of businesses, and 84% of businesses
believe that employee resistance to change is a challenge they still need to
overcome[i]. In light of these findings, Iron Mountain warns that business managers
must start doing more to bring employees on board and overcome these challenges - or risk facing the hefty fines and reputational damage associated with falling foul of
data protection legislation.

When it comes into force in May 2018, the new GDPR could result in swift and severe
punishment for businesses that fail to comply with its regulations regarding the
acquisition, use, transmission, storage, destruction and breach of personal data,
with fines of up to 4% of annual world turnover or EUR 20 million, whichever is
greater. [ii]

The study, Transforming Information Management, which has been underwritten in part
by Iron Mountain, has highlighted the challenges faced by businesses as they undergo
the transition from an operational-tactical approach focused mainly on records and
information management to the adoption of a business-wide Information Governance
(IG) strategy aimed at the benefit of the entire company and its customers. Despite
the fact that business managers are putting policies in place to facilitate a
transition towards IG, managers are guilty of not encouraging employees to engage
with these policies. The study found that although most management personnel (83%)
are engaged and enthusiastic about information governance, this drops to 68% of
employees, with little being done to boost engagement - currently only a quarter
(26%) of businesses provide information governance training to all employees.

Sue Trombley, Director of Thought Leadership at Iron Mountain said, "The days of
keeping everything just in case should be well and truly over if organisations want
to protect the personal data they hold in compliance with the law. Yet this is only
the case in one in five businesses. Getting it right requires good information
governance, which, if it is to be successful, must involve everyone in the business
from the top to the bottom. While we are seeing a strong desire among business
managers to transition towards a more compliant approach to managing information,
that desire is not being met with training programmes to harness employee support.

"In today’s data-driven business world, the desire to keep everything is
understandable, but it can put businesses at risk of treating customer, employee,
and business-critical information irresponsibly, or keeping sensitive information
beyond its legal retention period. Without the right training employees will
naturally be resistant to change. They cannot make good information management
decisions unless they understand what to do and why it is important for the
business. The message is simple: put measures in place to help employees now, or run the risk of non-compliance with the shifting data protection landscape and
potentially face the severe penalties as a consequence."


[i] http://www.cohasset.com/retrievePDF.php?id=28

[ii] Prepare now for the new EU data protection law, Iron Mountain (2016)


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts