Fewer than one in five affected Irish businesses ready for GDPR

Fewer than one in five Irish businesses who have identified GDPR as a significant issue are well prepared for the new regulations, according to a new report commissioned by A&L Goodbody.

The new report, jointly commissioned by the law firm and business body Ibec, found that 87 per cent of Irish businesses consider the upcoming EU General Data Protection Regulation (GDPR) to be a significant issue.

As many as 61 per cent of businesses have already begun a programme to ensure compliance by the May 2018 roll-out date.

However, of those for whom GDPR is identified as a significant issue, under one in five (19 per cent) feel they are well prepared.

John Whelan, partner at A&L Goodbody, said: “GDPR needs to be top of the board room agenda. There has been much publicity and activity around the technical aspects of GDPR readiness.

“However, senior management also need to focus on the legal obligations and responsibilities – in particular the personal responsibilities and liability of directors, and their statutory and fiduciary duties. The reputational aspects of a breach of the GDPR, and the new relationship that will emerge between senior level management within organisations and the Regulator, will be key.

“The GDPR represents the biggest change to data protection law in over twenty years and with it brings the immense need for cultural change within organisations.”

Erik O’Donovan, head of digital economy policy at Ibec, said: “This collaborative report with A&L Goodbody, forms part of a wider ongoing Ibec campaign, Mind Your Business; Prepare for GDPR, that works to raise the awareness to the business community of their obligations under the GDPR.

“The GDPR seeks to safeguard the privacy rights of individuals in relation to the processing of their personal data by organisations. While the results of today’s report highlight many positive actions currently being undertaken by Irish business, it also reveals that just under 40 per cent of companies surveyed have not yet begun a programme to ensure compliance by May 2018.

“It is imperative that this is amended, as the GDPR will have significant and wide ranging impacts, including fines of up to 4 per cent of global turnover or €20m (whichever is greater) in the case of a breach.”