More than 4 in every 10 Irish businesses are still struggling with elements of GDPR in their day-to-day operations three years after its introduction. This is one of the primary findings of the latest nationwide survey from the Association of Compliance Officers in Ireland (ACOI). The survey of over 300 organisations, answered by ACOI members with responsibility for compliance in financial organisations throughout the country, was released in tandem with the third anniversary of the introduction of the EU-wide regulatory system for data control and privacy. The survey found that while two thirds of organisations are fully or almost fully compliant, another third of firms have yet to reach that level.
Speaking of the findings, Michael Kavanagh, CEO of ACOI, commented,
“It’s encouraging to find that everything is ‘running smoothly’ for 54% of businesses in their GDPR operations and control. This is certainly something to be lauded, as implementing the code has proved a complex and often time-consuming task for many. Which is why it’s concerning, but perhaps unsurprising, to find the remaining organisations that participated in our survey (46%) are still struggling, despite being three years into the regulations. This raises questions around whether or not businesses feel they have enough support in this area? And more importantly, is there more that can be done to help companies struggling in this regard?”
GDPR regulation requires businesses to protect the personal data and privacy of EU citizens for transactions occurring within EU member states.
Mr. Kavanagh commented,
“The survey reveals that a quarter of businesses are “fully compliant” with the regulations. This means they have successfully implemented all the measures required and that they have limited their exposure to regulatory penalties. A further 42%, the majority of respondents, were “almost fully compliant”, meaning they still have elements to work on in terms of their exposure to penalty. This could be in an area of accountability and governance they have overlooked, or it could be to do with privacy rights, or data security. 31% agreed that they were “somewhat compliant”, but that gaps remained.
“To any companies that may overlook their compliance in this critical area of business, or indeed who may have let their systems lapse owing to pressures in other areas of operations, we would advise them to rectify the issues as soon as possible, because EU regulatory bodies have, and will, inflict heavy penalties on companies that do not adhere to the required GDPR standards.”
COVID & GDPR
The ACOI survey also found that almost 4 in 10 businesses believe GDPR would make it very difficult for businesses to collect and collate employee health and vaccination data.
Mr. Kavanagh went on to say,
“Like most things, COVID will have implications for GDPR and vice versa in terms of collection of employee health and vaccination data. It is evident from our survey that if employers were to gather this data, many employers feel that GDPR could hamper their efforts – so consideration would have to be given to this area”.
Mr. Kavanagh concluded,
“We would encourage business owners to make full use of the various supports and resources available to businesses to help them in this area, which range from online GDPR checklists to compliance professionals who can audit your GDPR compliance, improve systems, and fill in any outstanding gaps.”