PRmoment Awards Tickets 2024 PRmoment Leaders PA Mediapoint PA Assignments PRCA PRmoment Awards Winners North Creative Moment Awards 2024 PR Masterclass: AI in PR

Do you know where your security policy is saved?! #GDPRfails

Despite GDPR coming into effect just months ago, companies are still being lax with protecting customer data, and PR and marketing employees top the list as those least likely to know about their company’s security policy, according to research by telecommunications service provider 247meeting.  

This is despite the fact that a quarter of employees have experienced either a data breach, cyber-attack or both, during their careers.  

Key findings  

The top five industries least likely to know where their security policy is saved

Sector Don’t know where security policy is saved
Marketing, advertising and PR 64%
Hospitality and events management 56%
Performing arts 55%
Law enforcement and security 52%
Publishing and journalism 50%

Top five sectors affected

Sector Experienced data breach Experienced cyber-attack Experienced both (Combined)
Information research and analysis 27% 27% 18% 73%
Law enforcement and security 7% 48% 10% 66%
Environment and agriculture 5% 40% 10% 55%
Leisure, sport and tourism 7% 37% 4% 48%
Business, consulting and management 17% 13% 8% 38%

  The top five companies that haven’t been trained on GDPR

Sector Haven't been trained on GDPR
Hospitality and Events Management 55%
Media and Internet 45%
Marketing, Advertising and PR 44%
Engineering and Manufacturing 41%
Property and Construction 40%

 Gavan Doherty, CEO of 247meeting says: “GDPR is of crucial importance for any company with access to customer data, however, it is something that many are still lacking in compliance with. All companies, brands and agencies need to prepare for something like a cyber-attack or data breach to fully ensure that customer and company data will be protected in these extreme cases.”  

Discussing what companies should do, Doherty advises: “In light of the BA-hack scandal, doing simple practices like training employees on the importance of protecting data or having refreshers every quarter will help to remind workers of what they need to do in an emergency. In most cases of a hack, the communications team will need to inform the public on what is happening and as long as there is a plan put in place for this kind of event, customers will feel more at ease.”  

Doherty concludes that protecting data is not just important for the IT division, PR employees must be made aware too: “As much as preventing hacks and breaches is crucial for a company’s IT team, having a crisis-response plan in place for such attacks is also crucial for comms teams.”  


The study surveyed 2,000 workers (in an office environment) on OnePoll to find out if any of their daily tasks were affecting the security in their workplace. These results are also broken down by age range, nearest city, sector, job level and working remotely.

If you enjoyed this article, sign up for free to our twice weekly editorial alert.

We have six email alerts in total - covering ESG, internal comms, PR jobs and events. Enter your email address below to find out more: