Mazars and McCann FitzGerald have released their second annual report on the readiness of Irish businesses for the General Data Protection Regulation (GDPR) which comes into force from May 2018.
The report shows that with just over 6 months to go, there continues to be a serious level of difficulty for Irish businesses in complying with the new requirements, though Irish businesses appear to be finally making real steps to get ready.
In the year since the first report, 95% of businesses now believe that meeting the compliance requirements of the GDPR will be challenging or extremely challenging, an increase of 13%. However, 73% of organisations have now mobilised to tackle the compliance requirements of the GDPR, up from only 16% in 2016.
The research indicates that despite the significant rise in work being undertaken it seems that businesses are only now beginning to realise what the GDPR entails and how it affects them, with 75% now believing that their current data protection and privacy notices and methods of consent will require significant changes, an increase of 42% on last year.
Specific concerns around GDPR implementation include the difficulty in complying with requirements for international transfers, with 89% expecting to find it challenging to extremely challenging. Sixty four percent think that the more explicit ‘right to be forgotten’ will be very or extremely challenging, a 9% increase on 2016. Sixty two percent expect the right to data portability to apply to their organisation’s activities, while 65% believe that facilitating that right will be challenging or very challenging.
Commenting on the research, Partner and Head of Technology & Innovation at McCann FitzGerald, Paul Lavery said, "It’s great to see that the number of companies who have begun a GDPR-readiness project has increased but there are still a significant number who have yet to implement a strategy. It’s not too late and we would encourage those that haven’t started to avoid burying their heads in the sand, because the consequences for non-compliance will be extremely costly. This includes large fines and even proposed personal liability for directors. For businesses, the potential damage to reputation may be even more dissuasive than any fine."