Lastest news

55% of organisations expect a GDPR audit in 2018

Jan 05, 2018
Just 37% of companies have been subject to a data protection audit in the past, while 55% of companies think they will be subject to an audit in the coming 18 months according to research published by Wizuda.

With less than 6 months before GDPR comes into full effect, the survey also found that over one third of Irish organisations have not yet started work on their GDPR compliance project with 26% indicating that other projects took priority.

Majority of SMEs believe an audit is coming

The survey showed that 69% of Irish SMEs consider themselves to be data processors. GDPR imposes direct statutory obligations on data processors, meaning they will be subject to direct enforcement and potential fines by the Office of the Data Protection Commissioner (ODPC) as well as compensation claims by data subjects. All data processors must now make available all information necessary to demonstrate compliance and allow audits to be conducted by the data controller.

With the recent 56% budget increase given to the ODPC along with the prescriptive obligations data controllers must now place on data processors under GDPR, only 19% of Irish SMEs believe that they won’t be subject to a data protection audit in the next 18 months.

Failing at the first email

Wizuda’s research also revealed that, despite awareness of data privacy demands, 57% of organisations still use email to send personal data. This, Wizuda warns, greatly exposes organisations to a potential data breach or data audit failure. Furthermore, two in five organisations are using old in-house scripts to transfer data, making it difficult to demonstrate compliance when requested in an audit.

"While it is worrying that less than two thirds of Irish SMEs have actually started their own project, it is good to see that 80% of those surveyed see IT as a major stakeholder in their GDPR compliance programme," said Danielle Cussen, Managing Director of Wizuda. "Both the OPDC and data controllers will be looking to ensure that all data processors are GDPR compliant, so we would expect the number of Irish companies planning for a data protection audit continuing to increase in the run-up to May 2018."

Mike Ross, Commercial Director of Wizuda, added: "Don't wait. If you know of a high-risk area, address it now. The right technical solutions can put permanent fixes into place and make the first steps of GDPR compliance much easier."
Source: Wizuda.