87% of Irish businesses consider upcoming EU General Data Protection Regulations (GDPR) to be a significant issue, with 61% already having begun a programme to ensure compliance by the May 2018 implementation date. However, of those companies for whom GDPR is identified as a significant issue, just under one in five (19%) feel they are well prepared for the new regulations. That’s according to a new research report commissioned jointly by A&L Goodbody and Ibec, the group that represents Irish business.

Speaking at the publication of the results at Ibec last week, Erik O’Donovan, Head of Digital Economy Policy at Ibec said: “This collaborative report with A&L Goodbody, forms part of a wider ongoing Ibec campaign, Mind Your Business; Prepare for GDPR, that works to raise the awareness to the business community of their obligations under the GDPR. The GDPR seeks to safeguard the privacy rights of individuals in relation to the processing of their personal data by organisations. While the results of today’s report highlight many positive actions currently being undertaken by Irish business, it also reveals that just under 40% of companies surveyed have not yet begun a programme to ensure compliance by May 2018. It is imperative that this is amended, as the GDPR will have significant and wide ranging impacts, including fines of up to 4% of global turnover or €20m (whichever is greater) in the case of a breach.

John Whelan, Partner at A&L Goodbody stated:

"GDPR needs to be top of the board room agenda. There has been much publicity and activity around the technical aspects of GDPR readiness. However, senior management also need to focus on the legal obligations and responsibilities – in particular the personal responsibilities and liability of directors, and their statutory and fiduciary duties. The reputational aspects of a breach of the GDPR, and the new relationship that will emerge between senior level management within organisations and the Regulator, will be key. The GDPR represents the biggest change to data protection law in over twenty years and with it brings the immense need for cultural change within organisations."

The report revealed some of the measures that Irish businesses are taking to prepare for the GDPR:

  • 47% have assessed the data protection risks to the organisation
  • 46% have appointed a GDPR implementation team
  • 44% have compiled an inventory of all personal data held by the organisation
  • 42% have appointed a Data Protection Officer
  • 29% have held staff training workshops on GDPR
  • 21% have assigned a GDPR implementation budget

A copy of the report is available here