Personal accountability for data protection at the board level is an issue
In the good old days, the board of directors were accountable to the shareholders for its actions. This limitation has now changed forever. The Board and the committee members are now more responsible to the oversight authorities as well as to the annual assembly and the shareholders.
The Board still continues to have a fiduciary duty to ensure that senior managers run the company in the long-term interest of its owners. Also, some corporate governance policies guide the endorsement of some critical pillars of board accountability on a number of issues.
Digital revolution is changing the liability concept
However, since technology and digitalisation are the driving force, the updated data protection mandates are changing the very nature and implications of business leadership work and jobs. The digital revolution is changing the accountability concept as well by simultaneously empowering and cleansing the storage of all data and records for the stakeholders in the process.
This transition is exponentially increasing the demands the board and senior management to understand and address the IT and data issues adequately. The members and directors can start by simply broadening their digital skill sets, on how to use the new tools to transform their operating models and prepare their businesses for the way those tools are changing and comprehend the business risks of work IT and data structures and patterns.
MD sentenced to 12 months imprisonment
Recently in late December 2016 Richard Kingston, 54, the former managing director of a Middle East subsidiary of a U.K. construction and professional services company, was found guilty by a jury on two counts of concealing, destroying or otherwise disposing of two mobile telephones, knowing or suspecting that the data stored on those phones would be relevant to the SFO’s inquiries, contrary to section 2(16) of the Criminal Justice Act 1987. He was sentenced to 12 months imprisonment on each count, to run concurrently.
IT and data values of an organisation
Therefore the Boards have to take a more hands-on approach to be comfortable with their responsibility and accountability for setting the IT and data values of an organisation. Not only will they provide the general guidance but they shall also be satisfied that these new values and disciplines are embedded in the IT structure and the daily processes.
Some surveys indicate that the CEO has the most influence on the practical IT digitisation and that boards are spending more time to embed IT and data behaviours and digitisation values in the corporate culture. IT culture also plays a significant role in the current GDPR (EU Data Protection) implementation. Any lack of cultural fit or concerns on IT and data values and behaviours will prolong the application so the 2018 deadline will be a major problem. http://www.copenhagencompliance.com/gdpr/register.html