Recent high-profile data breaches have kept cybersecurity in the news and made data protection a priority at many companies. What firms don’t realize is that the impending European Union (EU) General Data Protection Regulation (GDPR) has elevated data privacy to a boardroom-level issue for any company doing business with, or collecting data on, residents of the EU. For more on GDPR, see How to Comply with GDPR.
Financial and Risk Responsibilities of the Board of Directors
In the US and in the EU, a publicly traded company’s Board of Directors typically has an Audit Committee responsible for overseeing financial reporting and risk management. This is where the GDPR readiness discussion needs laser-focused attention, full understanding and top-line support.
Compliance requires a review of strategy and risks
Asking the hard questions
Audit Committee Chairs should be asking some essential GDPR readiness questions of the company’s senior executives:
Is our company able to answer and show documentation that sufficiently addresses these questions?
Implications
If your executive team cannot clearly articulate the company’s position for each of these questions, it may be time for the Board of Directors to get more actively involved. Here are some suggested next steps:
Significant Opportunities
While GDPR compliance helps enterprises mitigate the extensive risk of non-compliance fines and lost customer trust, a well-executed personal data protection program also reveals a critical “by-product opportunity”. Customers have more confidence and trust in companies that protect their personal data, and will be more willing to share more of it. This enables the enterprise to continue collecting the data necessary to provide advanced services, and savvy customers will be willing to participate.
There’s Still Time to Act
As a Board member at a public company that collects European Union resident data, the time to act is now. Ask the right questions and become the sponsor of a GDPR Readiness Program. Talk to your Legal Counsel and Chief Information Security Officer (CISO). There is still time. Veritas can help. Our Advisory Services can help get you started with GDPR. Contact us for a GDPR Readiness Assessment or review our capabilities at www.veritas.com/gdpr.