The European Union’s new data privacy protections are spurring draconian efforts by companies to insure compliance.

Known as the General Data Protection Regulation or GDPR for short, the new rules take effect this May and could lead to devastating fines for organizations that fail to comply. So, companies are responding by passing the buck to their employees through various penalties, contracts and disciplinary procedures.

A study conducted by Veritas Technologies finds that nearly nine out 10 companies with 1,000 employees or more plan to drive changes in employee behavior, as it relates to the GDPR, through a combination of training, rewards, penalties and contracts. And almost half (47 percent) intend to add mandatory GDPR policy adherence into their employment agreements.

Failure to adhere to these agreements could have dire consequences for employees. Four out of 10 of the global survey respondents plan to implement various disciplinary procedures if GDPR policies are violated. One out of four of the businesses polled are considering withholding benefits—including bonuses—from employees found to be non-compliant. But, at the same time, just over a third (34 percent) say they will reward employees for adhering to the new GDPR policies.

Inadequate data governance
Most of the survey’s 900 respondents (91 percent) concede that their organization’s current data governance is inadequate. And a sizable majority (63 percent) believe that employees should receive mandatory training on GDPR policies. Most respondents indicated that this was especially important for members of the IT and legal departments, business strategists, salespeople and employees who work in finance.

"Data is one of the most critical assets within an organization, yet many businesses are struggling to implement good data hygiene practices—and that often starts with employees," says Mike Palmer, executive vice president and chief product officer for Veritas, which develops cloud-based infrastructure optimization software. "However, our research shows that businesses are getting serious about driving cultural change within their organizations."

While avoiding severe regulatory penalties and fines is clearly the main motivation for the companies seeking to improve their data governance practices, per the survey, the vast majority (95 percent) see additional business benefits to achieving GDPR compliance. These include:

  • More accurate and better quality data
  • Greater insights into their business
  • Cost savings
  • Better customer service, a stronger brand and better customer relationships
  • Improved data security
  • Increased revenue and market share

"The GDPR will apply to any organization—inside or outside the EU—that offers goods or services to EU residents, or monitors their behavior," notes Palmer. By complying, he says, "companies not only reduce their risks of fines, but have an opportunity to offer customers better experiences through proper data management, which can impact customer loyalty, revenues and brand reputation."