33% of Irish companies have not started preparations for GDPR

Dec 08, 2017
Wizuda published its nationwide General Data Protection Regulation (GDPR) IT research and found that, although only 37% of companies have previously been subject to a data protection audit, 55% of companies think they will be subject to an audit in the coming 18 months.

With less than 6 months before the GDPR comes into full effect, the survey also found that over a third of Irish organisations have not yet started work on their GDPR compliance project, with over a quarter (26%) indicating other projects were a priority.

Wizuda commissioned Amárach Research to conduct a national research project across 175 organisations, investigating GDPR awareness, prioritisation and obligations. This study focused on SMEs and targeted IT decision makers ranging from IT Directors, Heads of IT, CIOs and CISOs.

“Whilst it is worrying that less than two thirds of Irish SMEs have actually started their own project, it is good to see that 80% of those surveyed see IT as a major stakeholder in their GDPR compliance programme” said Danielle Cussen, Managing Director, Wizuda. 

“Both the OPDC and data controllers will be looking to ensure that all data processors are GDPR compliant, so we would expect the number of Irish companies planning for a data protection audit continuing to increase in the run up to May 2018.” 

An audit is coming 

The survey showed that 69% of Irish SMEs consider themselves to be data processors. The GDPR imposes direct statutory obligations on data processors meaning they will be subject to direct enforcement and potential fines by the Office of the Data Protection Commissioner (ODPC), as well as compensation claims by data subjects. All data processors must now make all information necessary available to demonstrate compliance and allow audits to be conducted by the data controller.

With the recent 56% budget increase given to the ODPC, along with the prescriptive obligations that data controllers must now place on data processors under GDPR, only 19% of Irish SMEs believe that they won’t be subject to a data protection audit in the next 18 months.