Only six per cent of Irish businesses have advanced GDPR plans

A survey by the newspaper found that four out of 10 businesses have not initiated GDPR plans and fewer than one in 10 have plans at an advanced stage.

The GDPR, which becomes law across the EU in May 2018, provides for heavy penalties for companies that are in breach of the regulation and includes fines of up to 4 per cent of global turnover or €20 million (whichever is greater) in the case of a breach.

Although 75 per cent of the 89 CEOs, IT and privacy managers surveyed are aware of the consequences of non-compliance, only 6 per cent say they have advanced plans to implement the GDPR.

Half have not appointed a dedicated staff member to oversee the process and 60 per cent said they had not completed essential tasks such as updating their company’s customer-facing privacy message.

Daragh O Brien, MD of information governance company Castlebridge, told the Irish Independent that organisations who are not at an advanced stage of preparation “should accept that you will almost certainly not be fully compliant in time”.

He added: “This is not a case of changing some software, it is a cultural change within your organisation - it is people, it is work practices and it is documenting those work practices, and identifying and managing risks. What you should begin by doing is auditing your current work practices and start by addressing the most immediate risks.”