23 January 2020
Irish Organisations Struggle to Comply Fully with GDPR
71% of companies say that they reported a personal data breach to the Data Protection Commission (DPC), or another supervisory authority, last year, while only 8% believe they are ‘fully compliant’ with the General Data Protection Regulation (GDPR).
The findings come from a survey on the impact of GDPR on organisations in Ireland, jointly published by McCann FitzGerald and Mazars.
While only 8% of organisations believe they are ‘fully compliant’ with GDPR, a further 68% believe they are ‘materially compliant’. Almost a quarter (24%) of companies, however, say they are only ‘somewhat compliant’. Nevertheless, 94% of respondents claim their organisations are more compliant than they were at the introduction of GDPR in May 2018.
Responses suggest that many organisations do not engage in activities usually considered integral to achieving GDPR compliance. Only 69% of organisations say they carry out periodic reviews of their records of processing activities, while around one-fifth (18%) have not defined internal roles and responsibilities for data protection.
In many companies senior management does not appear to be leading on GDPR, with less than half (44%) of respondents seeing their CEOs as strongly engaged on GDPR compliance and data privacy.
The 71% of organisations that reported a personal data breach represents an increase from 51% in 2018, while only 59% of organisations in 2019 reported a personal breach to affected data subjects.
Respondents, a majority of whom were employed in organisations of more than 250 employees, span the financial services, public, technology, and other sectors.
The results of the survey were launched at our Dublin office on Wednesday 22 January at an event which heard from speakers from Mazars, as well as Deputy Data Protection Commissioner Graham Doyle.
Speaking at the launch, Paul Lavery, Partner and Head of Technology & Innovation at McCann FitzGerald said:
“It is clear that a majority of organisations have some work to do to achieve compliance with GDPR. Given the substantial fines that may be levied for GDPR breaches, it is crucial that organisations get internal policies and procedures on GDPR right to protect themselves from this risk.”
Remarking on the result that almost two-thirds (61%) of respondents feel that GDPR places an excessive administrative burden on organisations, up 5% on last year’s survey, Partner at Mazar’s Consulting Services practice, Liam McKenna said:
“This unfavourable view of GDPR implementation may make it more challenging to initiate new compliance activities within organisations. A higher level of CEO engagement in this area may be necessary to drive the data protection agenda and achieve full GDPR compliance.”
To download a full copy of the report, please click here.