The world of Board Management Software is no different from the broad software world: most top-notch solutions are US-based. Despite their merits, are they a right fit for European companies? How do they perform on the legal and security aspects?
As all chairpersons and secretaries know, Managing Board meetings is a delicate task. At the heart of the issue lies confidentiality: how is it possible to make sure the sensitive information shared with Board members and the discussions before and after the meetings remain confidential ?
Most Board Management Software solutions stem from that necessity. Regardless of their origin, they create an environment that will enforce all the necessary precautions. But is this all you need to care about when selecting a solution? We believe there are two other issues at stake: cultural differences and data protection.
When board management is concerned, Culture matters ...
Corporate cultures are very different on both sides of the Atlantic, and that can influence the way corporate governance applications work. For example, it is quite common in the United States to have the same person acting as Chairman of the Board and CEO, while it is rarely the case in Europe, even in the United Kingdom, traditionally closer to the US legal and financial system. This can have consequences on, for example, the way the agenda is defined and the nature and extent of the information shared with the other Board members. On the other hand, independent Board members are more common in the United States than in Europe, where the practice is slowly taking root. This may also affect information sharing and confidentiality issues. Nothing enough customizable access granularity and permissions can solve, though.
... and Rules too
On the other hand, more than culture, it’s the differing legal frameworks that matter. While the legislation on corporate governance is relatively unified in the United States, Europe is still much of a legal patchwork. There are two overarching European corporate models with a lot of variants in between. While the UK model is quite similar to the United States, a size-able part of continental Europe has roots in the so-called German model, where workers and other stakeholders are given a say in defining the strategy and supervising management. At its purest, the German model implies two Boards. Beside the Board itself, there is a Supervisory Board where workers’ representatives and other stakeholders have more say, and also more sway on who gets nominated to the Board. In most European countries, the only company executive allowed by law to sit on the Board is the CEO, while American Boards allow more managers. All these differences have an impact on information-sharing, but also on voting models. Are US Board Management Software sufficiently flexible to accommodate these differences? This is a question worth considering when deciding on which software to rely.
When GDPR compliance is NOT enough
But the biggest area of concern is data privacy and security. Granted, most US-based software claim to be GDPR-compliant. And indeed, the developers have gone through great lengths to make sure that the way they collect, store and protect data is indeed compliant with GDPR. But there is an underlying problem: the so-called Data Privacy Shield.
Introduced in 2016, the Data Privacy Shield, or EU-US Privacy Shield, is a framework that ensures personal data transferred on servers located in the United States are protected according to GDPR requirements. However, this framework has been invalidated in 2020 by a judgement of the European Court of Justice (ECJ). This was the first judgement in a series of lawsuits initiated by a European privacy activist named Maximillian Schrems. Schrems was concerned that some US security agencies were able to legally require US companies to disclose any data located on their servers whenever they had grounds to suspect illicit activities. As a result, Schrems claimed, the protection provided in the United States was not equivalent to that granted in Europe by GDPR. The ECJ confirmed he was right. As a result, most legal experts consider that the Data Privacy Shield is not sufficient, and that any personal data (the names of Board Members, for example) stored on US servers is in breach with GDPR. The EU and the United States are still negotiating to find a suitable solution, but haven’t reached an agreement so far.
While most of the information provided to Boards could theoretically be expunged of personal data, the task would probably be too costly to be manageable. Just imagine how Board meeting minutes would have to be edited to have all names and personal details masked. Besides, a simple email address is already considered personal data, which means even accessing a US platform in a GDPR-compliant way would be virtually impossible.
Choosing an European board management software is the safest bet
The world of Board Management Software is no different from the broad software world: most top-notch solutions are US-based. Despite their merits, are they a right fit for European companies? How do they perform on the legal and security aspects?
Safety matters. So does ease of use. What about making board management totally effortless.
