Two-Thirds of CFOs Oblivious to Key Data Protection Legislation Despite Controlling IT Investment, BT Ireland Reveals
Key Highlights from Amárach Research:
- 69% of CFOs say they are unfamiliar with Privacy Shield, while 63% are oblivious to the requirements or penalties of the EU’s General Data Protection Regulation.
- Despite this, 45% of CFOs say they have more direct responsibility for data protection than they did three years ago, while half say managing regulatory compliance is becoming a bigger part of their job.
- 34% of CFOs say they are spending significant sums of money on IT projects, the highest proportion of any senior executive outside of the CIO.
- CFOs are divided on the need for control of unauthorised spend or “shadow IT”, exposing possible data protection issues.
69% of Chief Financial Officers (CFOs) in Ireland are completely unaware of key data protection regulation that could massively impact their organisations. Despite this, responsibility for data protection and compliance has become a bigger part of their role, with 30% of CFOs having the final sign-off on IT spend versus 26% of Chief Information Officers (CIOs).
Research commissioned by BT Ireland, and conducted by Amárach Research into large domestic and multi-national organisations with an average of 800 employees, reveals that only 28% of CFOs aware of the EU General Data Protection Regulation (GDPR) believe it will have a significant impact, with 62% saying it will have some impact.
Similarly, just 32% of CFOs aware of the Privacy Shield say it will have a significant impact, 48% expect some effect, while 20% believe it will have little or no consequence. Earlier this year, BT Ireland research revealed that their CIO peers put greater value on data protection. 33% of CIOs rate a data breach as having a bigger impact on their company than the departure of a CEO or a major product recall.
Well Informed with the Wrong Data
In spite of a lack of awareness of key data protection agreements and legislation, 89% feel extremely well informed or fairly well informed when signing off major IT projects. 45% of CFOs say they now have more direct responsibility for data protection than they did three years ago, while half of CFOs report that managing regulatory compliance has become a bigger part of their role.
While most CFOs admit to being uninformed when it comes to data protection, a clear majority say that technology will continue to change their role over the next three years. Some 71% expect job changes as a result of technology, with almost a quarter, 24%, expecting many or a lot of changes to their role. Clearly, CFOs foresee even greater change than their CIO peers – 67% of CIOs expected job changes according to BT Ireland research earlier this year.
More Spend, Less Control
Some 34% of CFOs say they spend significant sums on technology, including hardware, software, and services. And they’re not the only member of the organisation to invest in IT, outside of the CIO. 84% of CFOs believe that unsanctioned tech spend outside of the IT department, or shadow IT, is occurring within their organisation.
When asked whether the issue of shadow IT needs to be addressed by the CIO, CFOs expressed uncertainty, with 42% saying it did not need to be controlled. However, this unauthorised and uncontrolled spend could potentially lead to even greater data privacy risk for organisations.
Commenting on the research findings, Shay Walsh, Managing Director of BT Ireland, said:
“With just over two thirds of CFOs unfamiliar with the latest EU data protection regulation, the question you have to ask is ‘are boardroom decision-makers aware of the penalties associated with a data breach?’
“While CFOs are taking a more proactive role in IT investment, it is clear that they are seriously unprepared when it comes to key data protection agreements and directives. The research also demonstrates the prevalence of shadow IT spend, which means crucial IT decisions are being made outside of the CIO’s control, again running the risk of breaches.
“We are in an era of unprecedented data regulation and a divided organisation risks massive penalties and serious reputational damage by not understanding the implications. CFOs, in collaboration with their boardroom peers, need to understand the impact of their tech spend, and ensure they have clear procedures, policies and compliance in place, in preparation for the changes coming in May 2018.
“We work as a trusted partner with organisations, locally and globally, to help them navigate the data protection minefield, providing a global footprint of industry-leading data centre services, underpinned by internationally recognised compliance accreditations and secure network capabilities. Our experience and expertise enable our clients to shape the right solution for their strategic business, IT and regulatory needs, and that value cannot be underestimated.”
BT Compute Enables CFO’s Evolution
BT’s portfolio of data centre and cloud services, BT Compute, is underpinned by a secure global network, IT services, and professional security expertise. It’s this combination that enables customers, such as the European Commission and Ricoh Europe, to combine traditional technologies with the new — a key requirement in a 24/7 borderless market.
An inherent requirement of data regulation is knowing where data is located, but for most organisations, either through shadow IT or IT infrastructure sprawl, this is not straightforward. By leveraging a hybrid IT environment with BT Compute, businesses can have the autonomy and functionality that they need, geographically and technically, and in compliance with data protection directives.