Almost one third of directors said their organisation only started preparing for the upcoming General Data Protection Regulation in the last three months, with some one in eight (12%) of companies beginning preparations within last month, according to a new survey.
Nearly half (48%) of organisations began preparing for the GDPR more than six months ago, while 47% of firms have retained external advisors to assist with preparations, according to a survey by the Institute of Directors of Ireland (IoD).
The IoD surveyed 254 of its members, which includes chief executives, managing directors, heads of function, non-executive directors and chairpersons.
Over one third (34%) of directors voiced concern over the cost of ensuring full compliance with the GDPR, which includes staff training requirements. Over a quarter (28%) of companies intend to spend up to €10,000 on the implementation of the GDPR requirements and 41% plan to spend as much as €50,000.
Most directors (87%) said their senior management has been briefed on the regulation but just 43% of relevant staff have received GDPR awareness training. Meanwhile, only 40% of companies required to do so have appointed a data protection officer.
Three in four (75%) directors said they have a good to excellent understanding of the GDPR, while a quarter (25%) said their understanding of the regulation was fair or poor. 27% said their organisation is either slightly or not at all prepared for it.
Almost all directors (89%) said that the GDPR is a moderate to high priority for their organisation this year with 84% reporting that it’s on the board’s agenda. Ensuring compliance by 25 May is a top priority for 76% of directors as is the appropriate treatment of data (71%), according to the survey.
Data Law Overhaul
The new EU regulation is set to come into effect on 25 May 2018 and will apply directly to all Member States, updating and overhauling European data protection law with companies that process data of EU residents obliged to comply with new requirements.
This is particularly pertinent to Ireland, as the country has become a hub for major data centres in recent years, with the likes of Amazon, Facebook, Google and Apple all having their European data storage facilities here.
The Irish Government published its application of the GDPR, the Data Protection Bill 2018, on 2 February 2018, which will give effect to the EU regulation.
“Given the significant compliance requirements, as well as potential fines and sanctions, the level of preparedness and understanding of the GDPR among some directors at this late stage is concerning,” said Maura Quinn, chief executive of the IoD.
“While many organisations are well advanced in their preparations and have a very good understanding of GDPR requirements, a sizeable proportion are coming late to the game and will require significant effort to achieve compliance by 25 May,” said Quinn.
The survey was conducted online between 5-15 February 2018 with a sample of 254 members of the IoD.
© 2018 - Checkout Magazine by Kevin Duggan