The EU’s General Data Protection Regulation (GDPR) enters into force on 25 May, but a report shows fewer than half of Irish businesses are fully prepared for the law to take effect.
The survey polled leaders of more than 350 Irish businesses and found that, while data security was listed as a priority for 80% of those asked, 32% said that their companies had only begun preparing for the GDPR in the last three months, and 12% had begun their preparations in just the last month.
Most businesses also indicated that they have increased, or are planning to increase, the training available for staff, although 35% said that they had not yet trained staff in data protection and security. In terms of expenditure, 28% of companies said they plan to spend up to €10,000 on ensuring compliance with GDPR, while 41% have allocated up to €50,000 to the process.
What should companies know about GDPR compliance?
Ireland’s data protection commissioner, Helen Dixon, emphasised that all companies should understand the comprehensive new regulation, which will have an impact at all levels, in the public and private sectors, and for organisations of all sizes.
She said: “The obligations in the new EU GDPR apply directly to every organisation in Ireland from 25 May, 2018. This means all public, private and voluntary organisations of every size need to be familiar with the requirements around what information must be given to all individuals when their personal data is being collected, used and stored and with the rights individuals have in relation to controlling how their personal data is treated.”
Businesses and organisations that fail to comply with the GDPR could face a fine of up to €20m, or 4% of their annual global turnover. Thankfully, some 75% of company directors said that they have a ‘good to excellent’ understanding of the regulation, which suggests that a majority of Irish businesses will, with sufficient investment, be able to meet its requirements when it enters into force.