Irish businesses continue to struggle with GDPR compliance six years after the EU data protection regime came into force, according to research from Forvis Mazars and McCann FitzGerald.
The study, which was conducted by Ipsos B&A, found that just 15% of businesses consider themselves to be ‘fully compliant’ with the legislation, which has been billed as the toughest privacy and security law in the world.
A further 58% of respondents indicated that their organisation was ‘materially compliant’, and 25% answered that their enterprise was ‘somewhat compliant’. Overall, half of businesses surveyed believe they need more resourcing and investment or further expertise to improve.
The research also found that 82% of respondents believe the risks associated with GDPR non-compliance are increasing, with respondents citing ‘reputational risk’ as the most important factor in determining an organisation’s data protection risk appetite, followed by ‘fear of fines’.
Some 47% of respondents agreed that working to comply with GDPR has delivered many benefits for their organisation, up from 34% last year, and 52% said that the CEO of their organisation is strongly engaged in GDPR compliance and data privacy, up from 50%.
Eight in 10 (81%) of the businesses surveyed say they intend to improve their compliance status, according to the survey, which is now in its eighth year and also assessed awareness and readiness for a wave of new EU legislation around AI and new technologies.
Findings show that 60% of those surveyed are concerned about the impact on their organisation of new digital legislation, which includes the Digital Operational Resilience Act, the AI Act, the Data Act, the Data Governance Act, the Digital Services Act, the Online Safety and Media Regulation Act, the Digital Markets Act, the Network and Information Security Directive 2 (NIS2) and the Cyber Resilience Act.
There is also a high degree of uncertainty regarding the new legislation, with many respondents unsure of its applicability to their business, which suggests further education and awareness is required within organisations. Even so, nearly two-thirds (63%) indicated that the AI Act will apply to their organisation.
“This survey underscores the essential need for organisations to remain up to date with both current and forthcoming regulations in the digital space. Irish businesses must diligently maintain their compliance initiatives, particularly amid the significant financial and reputational risks at stake,” said Liam McKenna, partner in consulting services in Forvis Mazars.
“Although GDPR regulations were implemented in 2018, that only 15% of Irish companies are fully compliant is a concern for Irish business, particularly in light of further digital legislation coming down the tracks including the Digital Operational Resilience Act (DORA), AI Act, Data Act, and Digital Services Act, among others.
“Irish companies therefore need to urgently focus on GDPR adherence, while actively gearing up for new legislative requirements.”
Paul Lavery, Partner at McCann FitzGerald, added: “The effectiveness of the GDPR as one of the toughest data privacy laws in the world is perhaps evidenced by the fact that organisations are still actively working on improving their compliance six years on.
“It is much more than a tick-the-box exercise, and staying on the right side of these complex requirements will require ongoing attention and focus by Irish organisations.
“The good news is that this experience will serve businesses well as they prepare for new legislation coming down the track from the European Union.
“Legislating for rapidly changing technologies such as AI is no easy task, and we can expect regulations around data, AI, cyber resilience, information security and digital services to continue to evolve in the coming years.”