21 January 2021

GDPR Survey Results 2021: 80% of Companies Say Working from Home Creates Data Protection Risks

80% of organisations believe that large-scale remote working during the COVID-19 pandemic has created additional data protection risks, but despite this, only 55% have implemented new procedures or policies to manage those risks.

article image

The survey, which is in its fifth year, is jointly published today by McCann FitzGerald and international audit, tax and advisory firm, Mazars, also found that just over half (51%) have stopped their employees using free communications tools that do not provide adequate data protection.

Despite this, compliance with the GDPR appears to be improving, with 80% of organisations saying they are materially or fully compliant with the Regulation, up 4% on last year. Companies’ attitudes towards the GDPR are also warming, with 75% of organisations now believing compliance has benefits for their relations with employees, customers, and other stakeholders, up from 58% in 2019.

Less than half of respondents (46%) were concerned about the prospect of being fined for GDPR non-compliance and unsurprisingly, therefore, numerous areas of concern remain, with many organisations not undertaking actions that are fundamental for GDPR compliance. One-in-ten (9%) say they still do not log personal data breaches, while one-in-five (21%) say they do not conduct reviews of records of data processing activity. Only 51% of organisations reported conducting third party risk assessments, and just 36% require the completion of questionnaires by third-parties confirming compliance.

Respondents had an average of 236 employees in Ireland, spanning the financial services, public, technology, and other sectors.

Paul Lavery, Partner and Head of Technology & Innovation at McCann FitzGerald said:

“Large-scale remote working poses data protection challenges for organisations, and it is unsurprising to find widespread concern on this issue. Remote working policies, including those dealing with confidentiality and IT security, as well as the software used by employees when working from home, should be urgently reviewed to ensure they are fit-for-purpose and support adequate security.”

Remarking on the fact that many organisations still appear not be undertaking activities crucial for GDPR compliance, Partner at Mazars Consulting Services practice, Liam McKenna said:

“While more and more organisations seem to view the GDPR positively, large numbers are still failing to complete mandatory compliance activities such as periodic reviews and the maintenance of logs. These organisations are running a real risk of incurring fines, as well as serious reputational damage, unless they move quickly to address these shortfalls.”

To download a full copy of the report, please click here.

Key contacts