Research by The DPO Centre reveals that senior leaders in large organisations are less likely to understand the impact of privacy and data protection regulation or engage with it, compared to their counterparts in smaller organisations.

Over 400 data protection experts were asked how well senior leaders of their organisation, as well as all other employees, understood and engaged with privacy issues such as accountability, compliance and data security.

Across all areas of privacy and data regulation, the privacy experts working at the largest organisations in the UK (those with over 5,000 employees) rated their senior team as the worst at engaging with and understanding privacy laws.

When asked how well they thought the senior leaders in their organisation understood the impact of and engaged with the issue of accountability and the need to demonstrate compliance, experts working in companies with over 1,000 employees rated their senior teams an average of 5.4 out of 10. This was significantly lower than those working in medium-sized companies who rated their senior teams an average of 7.1 out of 10.

Similarly, when asked the same question about how senior leaders understand and engage with the issue of data retention, the average score given across all companies was 5.9 out of 10. Organisations with 10,000+ employees scored the lowest with an average of 4.2 out of 10.

Finally, looking at the question: ‘To what degree do you think staff in your organisation recognise the importance of data protection and privacy regulations and how they apply?’, the results show that respondents from medium and smaller-sized companies were more likely to say that employees recognise the importance of privacy and data protection regulation.

Companies with under 1,000 employees were more likely to score 7 or higher, with those with 500-1,000 employees getting an average score of 7.7. By comparison, larger companies received scores far lower on average, with organisations with more than 5,000 employees only scoring an average of 6.2 out of 10.

Rob Masson, CEO at The DPO Centre, said: “Our research clearly highlights that it is the larger companies that are struggling to engage with privacy and data protection regulation, not only amongst their senior leaders but also their wider staff.

“Data protection and privacy is a boardroom issue, and senior management need to lead by example to ensure that data protection is taken seriously throughout all levels of the organisation. Going forward, privacy and data protection issues are increasingly becoming the cornerstone of doing business, so cultivating great staff awareness and a culture of compliance is going to be essential for businesses of all sizes.”

1 Research conducted by The DPO Centre and the Data Protection World Forum amongst privacy experts in July 2021