Irish businesses continue to face challenges in complying with the General Data Protection Regulation (GDPR), six years on from its introduction, according to new research.
The findings were presented by Forvis Mazars and McCann FitzGerald LLP in their latest joint survey ‘GDPR and Digital Legislation: A Survey of the Impact and Effect on Organisations in Ireland’ (17 July)
The research, which was conducted by Ipsos B&A, found that just 15% of businesses consider their organisation to be fully compliant with the legislation, which is billed as the toughest privacy and security law in the world.
A further 58% of respondents indicated their organisation was materially compliant, and 25% say their organisation was somewhat compliant.
To achieve compliance targets, half of the businesses surveyed believe they need more resourcing, financial investments or further expertise.
Increasing risk
The research also found that 82% of respondents believe the risks associated with GDPR non-compliance are increasing, with respondents citing reputational risk as the most important factor in determining an organisation’s data-protection risk appetite, followed by fear of fines.
Eight in 10 (81%) of the businesses surveyed say they intend to improve their compliance status.
This is the eighth edition of the Forvis Mazars and McCann FitzGerald LLP annual survey on the impact of GDPR on organisations in Ireland.
The report also assesses awareness and readiness for a wave of new EU legislative developments in response to rapid technological changes.
Findings show that 60% of those surveyed are concerned about the impact of new digital legislation on their organisation, which includes:
- DORA (Digital Operational Resilience Act),
- AI act,
- Data act,
- Data Governance act,
- Digital Services act,
- Online Safety and Media Regulation act
- Digital Markets act,
- Network and Information Security Directive 2 (NIS2), and
- Cyber Resilience act.
There is also a high degree of uncertainty regarding the new legislation with many respondents being unsure of their applicability to their business, which suggests further education and awareness is required.
Key findings
- 82% of respondents agree that the risks associated with GDPR non-compliance are increasing, up from 70% in last year’s survey,
- 81% intend to improve their compliance status,
- 59% are concerned about the prospect of being fined for GDPR non-compliance, compared to 58% last year,
- 47% agree that working to comply with GDPR has delivered many benefits for their organisation, up from 34%,
- Over half of the respondents (52%) say that their chief executive is strongly engaged in GDPR compliance and data privacy, compared to 50% in 2023,
- Six out of 10 respondents are concerned about upcoming digital legislation,
- 63% of respondents indicated that the AI act will apply to their organisation.
Liam McKenna of Forvis Mazars said: “This survey underscores the essential need for organisations to remain up to date with both current and forthcoming regulations in the digital space. Irish businesses must diligently maintain their compliance initiatives, particularly amid the significant financial and reputational risks at stake."
Concern
“Although GDPR regulations were implemented in 2018, that only 15% of Irish companies are fully compliant is a concern for Irish business, particularly in light of further digital legislation coming down the tracks.”
McCann FitzGerald partner Paul Lavery added: “The effectiveness of the GDPR as one of the toughest data privacy laws in the word is perhaps evidenced by the fact that organisations are still actively working on improving their compliance six years on.
“It is much more than a tick the box exercise and staying on the right side of these complex requirements will require ongoing attention and focus by Irish organisations.”
Lavery said that this experience will serve businesses well as they prepare for new legislation coming down the track from the European Union.