Just 15 per cent of Irish businesses believe they are fully compliant with GDPR
Irish businesses continue to face challenges in complying with the GDPR six years on from its introduction, according to new research by Forvis Mazars and McCann FitzGerald LLP.
A survey conducted by Ipsos B&A found just 15 per cent of businesses considered their organisation to be “fully compliant” with the legislation, while a further 58 per cent indicated their organistaion was “materially compliant” and 25 per cent said their organisation was “somewhat compliant”.
In order to achieve their compliance targets, half of the businesses surveyed believe they need more resourcing, financial investments or further expertise in this space.
The research also found that 82 per cent of respondents believe the risks associated with GDPR non-compliance are increasing, with respondents citing ‘reputational risk’ as the most important factor in determining an organisation’s data protection risk appetite, followed by ‘fear of fines’.
Eight in 10 (81 per cent) of the businesses surveyed say they intend to improve their compliance status.
GDPR and Digital Legislation: A Survey of the Impact and Effect on Organisations in Ireland is the eighth edition of the Forvis Mazars and McCann FitzGerald annual survey on the impact of GDPR on organisations in Ireland.
The two firms were joined by Graham Doyle, deputy commissioner in the Data Protection Commissioner, at this morning’s launch event at McCann FitzGerald’s offices.
As well as examining the latest perceptions among Irish businesses regarding GDPR compliance, the report also assesses awareness and readiness for a wave of new legislative developments from the European Union in response to rapid technological changes.
Nearly two-thirds (60 per cent) of those surveyed are concerned about new digital legislation, including DORA (the Digital Operational Resilience Act), the AI Act, the Data Act, the Data Governance Act, the Digital Services Act, the Online Safety and Media Regulation Act, the Digital Markets Act, the Network and Information Security Directive 2 (NIS2) and the Cyber Resilience Act.
There is also a high degree of uncertainty regarding the new legislation with many respondents being unsure of their applicability to their business, which suggests further education and awareness is required within organisations.
Liam McKenna, partner in consulting services at Forvis Mazars, said: “This survey underscores the essential need for organisations to remain up to date with both current and forthcoming regulations in the digital space. Irish businesses must diligently maintain their compliance initiatives, particularly amid the significant financial and reputational risks at stake.
“Although GDPR regulations were implemented in 2018, that only 15 per cent of Irish companies are fully compliant is a concern for Irish business, particularly in light of further digital legislation coming down the tracks including the Digital Operational Resilience Act (DORA), AI Act, Data Act, and Digital Services Act, among others.
“Irish companies therefore need to urgently focus on GDPR adherence, while actively gearing up for new legislative requirements.”
Paul Lavery, partner at McCann FitzGerald LLP, added: “The effectiveness of the GDPR as one of the toughest data privacy laws in the word is perhaps evidenced by the fact that organisations are still actively working on improving their compliance six years on.
“It is much more than a tick the box exercise and staying on the right side of these complex requirements will require ongoing attention and focus by Irish organisations.
“The good news is that this experience will serve businesses well as they prepare for new legislation coming down the track from the European Union.
“Legislating for rapidly changing technologies such as AI is no easy task, and we can expect regulations around data, AI, cyber resilience, information security and digital services to continue to evolve in the coming years.”