PwC has released its latest research on aspects of GDPR compliance amongst Irish business leaders, which shows that one third (33%) of survey respondents said they would not be appointing a Data Privacy Officer (DPO) as part of their GDPR Programme .
The survey was conducted in late February 2018 having nearly 100 respondents.
The research shows that one in four (41%) said that they have already invested up to €50,000 in relation to GDPR compliance; a similar proportion (39%) said they have invested between €50,000 and €500,000 and one in five have invested over €500,000.
Just over half (54%) see real business benefits emerging from GDPR compliance, but a sizeable proportion (46%) still see no benefits arising. Amongst the benefits identified include: reputation and good governance; enhanced security practices; improved communication with customers; a focus on rationalising systems and archives; clarity on data retention; better customer data and client trust.
According to the survey, some of the most difficult aspects of preparing for GDPR compliance include: awareness of the consequences; interpretation of some aspects of the rules; clarity around the requirements; changing culture and mindsets, resources; new software and additional training; lack of clear direction and guidance; interpretation of how the GDPR applies; 3rd party processors; preparation of Information Asset Register; data retention and mapping; establishing all personal data sources, deleting data; updating client contracts including with processors; and additional regulatory burden on the back of MiFID II.
PwC's Cyber Leader, Pat Moran said, "Getting ready for GDPR is essential and required by law. While it may also be a costly exercise, especially for many SMEs, penalties for non-compliance will be far greater. At a basic level, companies need to invest time to look at what data they have, why they have it and whether they still need it."
He added, "I would advise any organisation to invest the time and resources, including considering getting outside help, to help put in place their GDPR strategy and ensure the organisation has a risk-based approach as we get closer to 25 May this year."