Financial executives are not doing enough to prepare for a new regulatory regime that will greatly increase the potential penalties for firms that fail to secure sensitive data, a new survey has warned.
Research conducted by BT Ireland found that even though chief financial officers (CFOs) are now more likely than chief information officers to have the final say on IT spending (30 per cent compared with 26 per cent respectively), two-thirds of the former are unaware of the implications of the incoming European General Data Protection Regulation (GDPR).
These rules come into full force on 25th May 2018, Silicon Republic reports, giving businesses just 16 months to prepare.
Even though 45 per cent of CFOs say they have more responsibility for data protection than they did three years ago, and half agree that managing regulatory compliance is becoming a bigger part of their jobs, most of these executives admit they are uninformed about data protection.
BT Ireland managing director Shay Walsh commented: "While CFOs are taking a more proactive role in IT investment, it is clear that they are seriously unprepared when it comes to key data protection agreements and directives."
The consequences of this could be severe, as the GDPR comes with high penalties for failures to protect confidential data. Firms that are found to be in breach of the rules could face fines of up to €20 million (£16.8 million), or four per cent of their global turnover for the year, whichever is higher.
For instance, if Tesco Bank, which recently made headlines after suffering a data breach that saw the accounts of thousands of customers compromised, had been required to follow GDPR regulations, it would have faced a fine of €1.8 billion for the incident.
BT Ireland's research also highlighted the rise of 'shadow IT', where tech spending takes place outside the IT department, without official approval. Some 84 per cent of CFOs believe this takes place within their organisation.
"We are in an era of unprecedented data regulation, and a divided organisation risks massive penalties and serious reputational damage by not understanding the implications," Mr Walsh commented.