The world of Board Management Software is no different from the broad software world: most top-notch solutions are US-based. Despite their merits, are they a right fit for European companies? How do they perform on the legal and security aspects?
As all chairpersons and secretaries know, Managing Board meetings is a delicate task. At the heart of the issue lies confidentiality: how is it possible to make sure the sensitive information shared with Board members and the discussions before and after the meetings remain confidential ?
Most Board Management Software solutions stem from that necessity. Regardless of their origin, they create an environment that will enforce all the necessary precautions. But is this all you need to care about when selecting a solution? We believe there are two other issues at stake: cultural differences and data protection.
When board management is concerned, Culture matters ...
Corporate cultures are very different on both sides of the Atlantic, and that can influence the way corporate governance applications work. For example, it is quite common in the United States to have the same person acting as Chairman of the Board and CEO, while it is rarely the case in Europe, even in the United Kingdom, traditionally closer to the US legal and financial system. This can have consequences on, for example, the way the agenda is defined and the nature and extent of the information shared with the other Board members. On the other hand, independent Board members are more common in the United States than in Europe, where the practice is slowly taking root. This may also affect information sharing and confidentiality issues. Nothing enough customizable access granularity and permissions can solve, though.
... and Rules too
On the other hand, more than culture, it’s the differing legal frameworks that matter. While the legislation on corporate governance is relatively unified in the United States, Europe is still much of a legal patchwork. There are two overarching European corporate models with a lot of variants in between. While the UK model is quite similar to the United States, a size-able part of continental Europe has roots in the so-called German model, where workers and other stakeholders are given a say in defining the strategy and supervising management. At its purest, the German model implies two Boards. Beside the Board itself, there is a Supervisory Board where workers’ representatives and other stakeholders have more say, and also more sway on who gets nominated to the Board. In most European countries, the only company executive allowed by law to sit on the Board is the CEO, while American Boards allow more managers. All these differences have an impact on information-sharing, but also on voting models. Are US Board Management Software sufficiently flexible to accommodate these differences? This is a question worth considering when deciding on which software to rely.
When GDPR compliance is NOT enough
But the biggest area of concern is data privacy and security. Granted, most US-based software claim to be GDPR-compliant. And indeed, the developers have gone through great lengths to make sure that the way they collect, store and protect data is indeed compliant with GDPR. But there is an underlying problem: the so-called Data Privacy Shield.
Introduced in 2016, the Data Privacy Shield, or EU-US Privacy Shield, is a framework that ensures personal data transferred on servers located in the United States are protected according to GDPR requirements. However, this framework has been invalidated in 2020 by a judgement of the European Court of Justice (ECJ). This was the first judgement in a series of lawsuits initiated by a European privacy activist named Maximillian Schrems. Schrems was concerned that some US security agencies were able to legally require US companies to disclose any data located on their servers whenever they had grounds to suspect illicit activities. As a result, Schrems claimed, the protection provided in the United States was not equivalent to that granted in Europe by GDPR. The ECJ confirmed he was right. As a result, most legal experts consider that the Data Privacy Shield is not sufficient, and that any personal data (the names of Board Members, for example) stored on US servers is in breach with GDPR. The EU and the United States are still negotiating to find a suitable solution, but haven’t reached an agreement so far.
While most of the information provided to Boards could theoretically be expunged of personal data, the task would probably be too costly to be manageable. Just imagine how Board meeting minutes would have to be edited to have all names and personal details masked. Besides, a simple email address is already considered personal data, which means even accessing a US platform in a GDPR-compliant way would be virtually impossible.
Choosing an European board management software is the safest bet
The world of Board Management Software is no different from the broad software world: most top-notch solutions are US-based. Despite their merits, are they a right fit for European companies? How do they perform on the legal and security aspects?
Safety matters. So does ease of use. What about making board management totally effortless.
Considering Local Solutions
While the U.S. might be a leader in the software world, including Board Management Software, the emerging complexities in data privacy and governance regulations suggest that local solutions might be more suitable for EU-based companies. There are software solutions created within the EU that are not just in alignment with the local data privacy regulations but also culturally more compatible with European corporate governance practices.
Software Tailored to European Context
These EU-based solutions incorporate the nuances of the different corporate models across European nations. They understand the specifics of the two-board structure, common in countries following the German model, and can accommodate such complexities more efficiently than their U.S. counterparts. Whether it's the diverse composition of the board, voting models, or the dynamic of information sharing, local software solutions can be more adaptable to these distinct European practices.
Overcoming the Data Privacy Challenge
The invalidation of the EU-US Privacy Shield by the ECJ has thrown a spanner in the works for companies looking to use US-based software solutions. Although most US-based software developers have ensured GDPR compliance, the Privacy Shield debacle has cast doubts on whether data stored on US servers can meet GDPR standards. This presents a significant concern for Board Management Software users, as these platforms inherently deal with a substantial amount of personal data.
Turning to EU-based Software Solutions
Given the legal complexities and potential data privacy concerns, it might be safer for EU companies to opt for EU-based Board Management Software. These software solutions are designed with an understanding of the European corporate and data privacy landscape and can potentially bypass the uncertainties presented by the current US-EU data transfer situation.
Conclusion: Safeguarding Data, Prioritizing Ease of Use
Data privacy should be non-negotiable, especially when it comes to Board Management Software. While U.S. solutions have their merits, EU companies need to seriously consider the legal and data privacy implications of their choice. European Board Management Software solutions offer a viable alternative, ensuring compliance with local regulations while providing a user-friendly interface. Remember, the right software not only simplifies board management but also aligns with your organization's values and needs. So, choose wisely and make board management an effortless process.
