14 Nov 2017 | 07.59 am
New Report On GDPR Readiness
W5 research for Mazars and McCann FitzGerald
14 Nov 2017 | 07.59 am
With just six months to go before the implementation of the General Data Protection Regulation (GDPR) next May, Irish businesses appear to be finally making real steps to get ready according to a report by Mazars and McCann FitzGerald.
This wake-up is shown in the fact that 95% of businesses now believe that meeting the compliance requirements for GDPR will be challenging, an increase of 13 points on the 2016 score. But at the same time, the report says “there continues to be a serious level of difficulty for Irish businesses in complying with the new requirements”.
The big improvement is that three out of four organisations have mobilised to tackle the requirements of the GDPR, up from only one in six last year.
The conclusions are based on research carried out by W5, a quantitative online survey of senior figures with responsibility for the compliance and data protection functions in Irish business. The sample size was just 56 respondents.
Mazars partner Liam McKenna said: “While we’ve seen some improvements from businesses in the previous 12 months, there is still a lot of work to be done so that businesses are ready for GDPR next May. Organisations need as a matter of urgency to review their internal procedures and controls in light of the impending changes, or they are risking severe penalties from non-compliance.”
Specific concerns around GDPR implementation include the difficulty in complying with requirements for international transfers. Here, 89% expecting to find it challenging to extremely challenging, while 64% think that the more explicit ‘right to be forgotten’ will be very or extremely challenging. Two=thirds of respondents expect the right to data portability to apply to their organisation’s activities and a majority believe that facilitating that right will be challenging or very challenging.
With regard to actions taken to prepare, one in three organisations in this small survey have yet to appoint a Data Protection Officer as is required for certain firms under the new regulation. However, four out of five organisations surveyed have executive or CEO level sponsorship of GDPR compliance programmes.
In terms of notification procedures, 84% now have a policy to notify data subjects in the event of a personal data security breach, a 15% increase on last year, and 85% have a policy to notify the local data protection authority, again up 4% since 2016. The full report is available from the McCann Fitzgerald website.
Photo: Liam McKenna of Mazars (right) with Paul Lavery of McCann FitzGerald. (Pic: Conor McCabe Photography)