The majority of businesses in Ireland are not prepared for the upcoming General Data Protection Regulation (GDPR), according to a Data Sec 2017 survey, carried out in advance of the GDPR focused event which takes place on Wednesday May 3rd in the RDS Concert Hall in Dublin.
The survey found that just 6% of Irish businesses are at an advanced stage in their preparations for the new data protection laws. These findings come amidst warnings to businesses that the time is now to get ready for the GDPR.
GDPR will come into force on May 25th 2018 and presents businesses of all sizes involved in the processing of personal data with a mandate to review and change company policies and practices.
Non-compliance could see businesses or organisations facing fines of up to €20,000,000 or 4% of annual global turnover, whichever is greater. Organisations are also at risk of reputational damage and civil cases against them over the use of personal data, unless they become GDPR compliant.
Although three quarters are aware of the implications of GDPR for their business, 40% of those surveyed are not executing plans for GDPR compliance.
Only half of respondents have put a dedicated staff member in place to oversee the process of becoming GDPR compliant, a vital part of preparing for the wide-scale changes that most organisations will be obliged to make. In the absence of a dedicated staff member, tasks that are crucial to compliance may be missed. For example, in the case of 60% of respondents, the crucial task of updating the company's customer facing privacy message has not been done.
Sixteen per cent of businesses surveyed for Data Sec 2017 are working within a budget of €100k+ for GDPR compliance while the majority (61%) will be spending €5,000-10,000. One third of respondents reveal that their GDPR plan is not integrated with their IT security infrastructure with only 16% saying it is fully integrated.