71% of organisations plan bold steps in creating a culture of GDPR-compliance

• 95% of those surveyed in Singapore agree to drive such changes
• 58% of Singapore firms to add mandatory GDPR policy adherences employment contracts

A STUDY from Veritas Technologies, has found that the General Data Protection Regulation (GDPR) has the potential to drive major cultural changes in businesses worldwide.

Nearly three in four respondents globally plan to incentivise employees to improve data hygiene and take accountability for data compliance.

According to The Veritas 2017 GDPR Report, 88% of organisations around the world plan to drive employee GDPR behavioural changes through training, rewards, penalties and contracts.

Locally, the number is significantly higher, with 95% of those surveyed in Singapore agreeing to drive such changes. Almost half (47%) of businesses will go so far as to add mandatory GDPR policy adherences into employment agreements. In Singapore, 58% share a similar sentiment.

Failure to adhere to contractual guidelines could have significant implications. Nearly half (41%) of global respondents – and more than half (55%) of those surveyed in Singapore – also plan to implement employee disciplinary procedures if GDPR policies are violated.

A quarter of businesses globally (25%) would consider withholding benefits — including bonuses — from employees found to be non-compliant, with 31% agreeing to do the same in Singapore.

At the same time, 34% of global respondents say they will reward employees for complying with GDPR policies, as those employees are helping to promote proper data governance within their organisations, which can lead to better business outcomes.

Thirty-eight percent of local respondents also share the same belief.

GDPR driving cultural changes

The report found that the vast majority of respondents (91% globally, 95% locally) admit that their organisation does not currently hold a culture of good data governance or GDPR compliance.

However, as indicated above, companies understand that training is critical to driving cultural changes within their organisations.

The majority (63%) of companies believe all employees must receive mandatory training on GDPR policies, with 71% of those surveyed in Singapore sharing similar sentiments.

However, respondents were also quick to identify the types of employees that should be trained: 86% believe the IT department must be prioritised, closely followed by business direction and strategy employees (85%), business development/sales/channel employees (84%), legal employees (82%) and finance employees (82%).

Meanwhile, 92% of companies in Singapore felt that the efforts should be focused on business development/sales/channel employees, followed by IT department (89%), business direction and strategy employees (89%) and legal employees (89%).

“Data is one of the most critical assets within an organisation, yet many businesses are struggling to implement good data hygiene practices — and that often starts with employees,” said Mike Palmer, executive vice president and chief product officer, Veritas.

“However, our research shows that businesses are getting serious about driving cultural change within their organisations.”

“As businesses consider deploying new processes and policies including training, rewards and updated contracts in support of GDPR compliance, more employees will understand the role they play in protecting their organisation’s data. And, for employees that fail to take matters seriously, their bonuses and benefits may be negatively impacted.”

Business benefits of GDPR compliance

While avoiding stringent regulatory penalties and fines is clearly a driver for improving an organisation’s compliance posture, many companies also see major business benefits that go well beyond avoiding such sanctions.

The research shows that almost all businesses – 95% globally and 98% locally – see substantial business benefits to achieving GDPR compliance, including better data management across the entire organisation.

Specifically, organisations believe that once they have advanced their compliance standing, they are able to reap the following benefits:

• Improve data hygiene: 92% of global respondents believe that their organisation will benefit from good data hygiene, which helps drive trust in the data and improve data quality, accuracy and policy enforcement – This figure stands at 97% locally.
• Generate more insights: 68% believe that they will gather stronger data insights about their businesses through GDPR compliance, which can play a key role in delivering better customer experiences – 79% of those surveyed locally share the same belief.
• Save money: 68% of global respondents think that their organisation will save money – 75% of local respondents share a similar sentiment.
• Build brand reputation: 59% believe that data compliance will also strengthen their reputation or relationships with their customers – 64% of those surveyed in Singapore also share the similar belief.
• Protect data: 51% of organisations believe they will be able to protect data more efficiently. Meanwhile the numbers are significantly higher in Singapore at 73%.
• Increase revenues: 45% (50% locally) expect to reduce costs, increase revenue or market share with better data management. One in five (22%) think it will ultimately help their organisations have more disposable cash, which can be used to invest in research and development (R&D) or to deploy additional resources to drive innovation. Those surveyed in Singapore also share similar views, with 28% agreeing with the same statement.
• Hire more people: A quarter of global respondents (25%) say that enhanced data compliance will allow the organisation to employ more staff to provide better customer service – In Singapore, the number sits at 26%.

“The GDPR will take effect on May 25, 2018 and will apply to any organisation—inside or outside the EU—that offers goods or services to EU residents, or monitors their behaviour,” added Palmer.

“Companies that adhere to compliance not only reduce their risks of fines, but have an opportunity to offer customers better experiences through proper data management, which can impact customer loyalty, revenues and brand reputation.”