Irish organisations struggle to comply fully with GDPR

Some 62% of organisations say regulation places excessive administrative burden on them

Only 69 per cent of organisations said they carry out periodic reviews of their records of processing activities

Just 8 per cent of Irish organisations believe they are fully compliant with EU digital privacy regulations, according to a new survey.

Some 18 months after the introduction of the General Data Protection Regulation (GDPR), the study shows that companies are still struggling to come to grips with the legislation. The proportion of organisations surveyed that reported a data breach to authorities rose to 71 per cent, from 51 per cent last year.

Under GDPR, data regulators have the power to fine companies up to 4 per cent of their global turnover of the previous year or €20 million, whichever is greater, for violating the law.

The survey of 100 organisations, which was carried out late last year on behalf of McCann FitzGerald and Mazars, indicates that senior management do not appear to be leading on GDPR. Just 44 per cent of those surveyed said they feel their chief executives are fully engaged with the legislation and its possible impact on their organisation.

The study also reveals that many organisations are not engaged in proactive activities that aid GDPR compliance. Only 69 per cent of organisations said they carry out periodic reviews of their records of processing activities, while around 18 per cent have not defined internal roles and responsibilities for data protection.

Respondents, a majority of whom were employed in organisations of more than 250 employees, span the financial services, public, technology, and other sectors.

Data breach reporting

According to the survey, while 71 per cent of organisations reported a data breach to the Data Protection Commission (DPC) or another supervisory authority last year, only 59 per cent also alerted those who might be impacted by the breach.

Overall, 94 per cent of organisations said they were more compliant with data privacy regulations than before the introduction of GDPR. Of these, 68 per cent said they believed they were ‘materially compliant’ with the legislation.

Some 62 per cent of organisations said GDPR places an excessive administrative burden on them.

New figures published earlier in the week revealed that more than 6,700 data breaches were notified to the DPC last year, the second-highest level of notifications recorded per capita across Europe.