McCann FitzGerald: Businesses struggling to fully comply with GDPR

Pictured (L-R): Mazars partner Liam McKenna, Graham Doyle of the Data Protection Commission, and McCann FitzGerald partners Fiona O'Beirne and Paul Lavery

Irish businesses are struggling to fully comply with the EU General Data Protection Regulation (GDPR), according to a new survey jointly published by McCann FitzGerald and Mazars.

Nearly three-quarters (71 per cent) of companies say they reported a personal data breach to the Data Protection Commission (DPC) or another supervisory authority last year, while only eight per cent believe they are “fully compliant” with the GDPR.

Over two-thirds (68 per cent) say they are “materially compliant” with the GDPR, and almost a quarter (24 per cent) say they are only “somewhat compliant”.

Nevertheless, 94 per cent of respondents claim their organisations are more compliant than they were at the introduction of GDPR in May 2018.

Only 69 per cent of organisations say they carry out periodic reviews of their records of processing activities, while around a fifth (18 per cent) have not defined internal roles and responsibilities for data protection.

In many companies, senior management does not appear to be leading on GDPR, with less than half (44 per cent) of respondents seeing their CEOs as strongly engaged on GDPR compliance and data privacy.

The 71 per cent of organisations that reported a personal data breach represents an increase from 51 per cent in 2018, while only 59 per cent of organisations in 2019 reported a personal data breach to affected data subjects.

Respondents, a majority of whom were employed in organisations of more than 250 employees, span the financial services, public, technology, and other sectors.

Speaking at the launch of the survey yesterday, Paul Lavery, partner and head of technology and innovation at McCann FitzGerald, said: “It is clear that a majority of organisations have some work to do to achieve compliance with GDPR.

“Given the substantial fines that may be levied for GDPR breaches, it is crucial that organisations get internal policies and procedures on GDPR right to protect themselves from this risk.”
