McCann FitzGerald: Most Irish organisations want GDPR to be reformed
Most Irish organisations believe the GDPR is in need of reform as compliance is too expensive and difficult, according to a survey published by McCann FitzGerald LLP and Mazars.
The two companies have published their latest annual survey on the impact and success of the GDPR, which comes five years on from its introduction across Europe.
A majority of organisations (54 per cent) said reform was necessary, with two-thirds (66 per cent) saying the costs of GDPR compliance are greater than those envisaged in 2018 and almost half (45 per cent) saying supervisory authorities interpret the GDPR in a way that makes compliance more difficult to achieve.
Most respondents agreed that complainants should be required to attempt to resolve complaints with the organisation processing their data before initiating a complaint with the Data Protection Commission (75 per cent) and that data subjects should be required to pay a reasonable fee for making a data subject access request (52 per cent).
Despite this appetite for reform, there is general belief that the GDPR has operated as a largely positive force.
Strong agreement that the GDPR is beneficial for individuals is up 20 percentage points to 46 per cent since 2018 (81 per cent agree or strongly agree), while strong agreement that GDPR compliance is beneficial for organisations’ long-term relations with stakeholders such as employees and customers is up 14 percentage points to 34 per cent since 2018 (75 per cent agree or strongly agree).
The general public, who formed part of this survey for the first time, demonstrated conflicting views about data protection. A large majority (80 per cent) said they are more concerned about their online privacy now as compared to five years ago and 78 per cent agreed they are likely to purchase from organisations that have a good record in how they handle customers’ data.
However, roughly half of all customers (49 per cent) are willing to forgo some level of data protection if the product or service is very appealing, pointing to an appetite by a large portion of users of certain services, such as social media apps, to forgo some level of data protection to access these services.
Respondents from the general public also point to a potential need to simplify or more clearly communicate messages on data protection and the GDPR. Nearly two-thirds (65 per cent) of members of the public agreed that organisations make it difficult to understand their approach to data protection, while one-in-four (24 per cent) said they had either never heard of the GDPR or knew very little about it.