Research Suggests Half of Irish Businesses Unprepared for GDPR

New research has suggested that over half of Irish businesses are unprepared for the impending implementation of the General Data Protection Regulation (GDPR). Under the regulation, which is due to come into force on 25 May, organisations are required to document records of data processing, yet according to the research published by professional services firm EY, 16 per cent of companies have not started this process despite enforcement coming into effect so soon.

Furthermore, the research found, four in ten companies who are planning to hire a Data Protection Officer (DPO) have not yet done so, 54 per cent of businesses in Ireland in general do not know if the consent they hold to use their consumers’ personal data is compliant with GDPR.

Speaking about the survey findings Carol Murphy, Director, Advisory, EY Ireland, said: “GDPR carries stiff financial penalties for non-compliance, up to 4 per cent of turnover or €20 million – whichever is greater. With the greater sensitivity around privacy that has emerged in recent years, the reputational issues that accompany any breaches of GDPR have also become a serious risk. Of the companies surveyed, half have not yet undertaken a review of their third party contracts. This leaves companies exposed should they experience a breach within their supply chain, even if it is outside the organisation given that the regulation places equal accountability requirements on both data controllers and processors.”