71% of companies say that they reported a personal data breach to the Data Protection Commission (DPC), or another supervisory authority, last year, while only 8% believe they are ‘fully compliant’ with the General Data Protection Regulation (GDPR).
71% of Organisations Reported a Data Breach Last Year
Only 8% Say They Are Fully Compliant with GDPR
The findings come from a survey on the impact of GDPR on organisations in Ireland, jointly published by leading Irish law firm McCann FitzGerald and leading professional services firm Mazars.
Picture (from L to R): Graham Doyle (Data Protection Commission, Ireland), Fiona O'Beirne (Partner, McCann FitzGerald) & Liam McKenna (Partner, Mazars), Paul Lavery (Partner, Head of Technology and Innovation Group, McCann FitzGerald).
While only 8% of organisations believe they are ‘fully compliant’ with GDPR, a further 68% believe they are ‘materially compliant’. Almost a quarter (24%) of companies, however, say they are only ‘somewhat compliant’. Nevertheless, 94% of respondents claim their organisations are more compliant than they were at the introduction of GDPR in May 2018.
Responses suggest that many organisations do not engage in activities usually considered integral to achieving GDPR compliance. Only 69% of organisations say they carry out periodic reviews of their records of processing activities, while around one-fifth (18%) have not defined internal roles and responsibilities for data protection.
In many companies, senior management does not appear to be leading on GDPR, with fewer than half (44%) of respondents seeing their CEOs as strongly engaged on GDPR compliance and data privacy.
The 71% of organisations that reported a personal data breach represents an increase from 51% in 2018, while only 59% of organisations in 2019 reported a personal data breach to affected data subjects.
Respondents, a majority of whom were employed in organisations of more than 250 employees, span the financial services, public, technology, and other sectors.
The results of the survey, which is now in its fourth year, were launched at McCann FitzGerald’s offices at an event which heard from speakers from McCann FitzGerald and Mazars, as well as Deputy Data Protection Commissioner Graham Doyle.
Speaking at the launch, Paul Lavery, Partner and Head of Technology & Innovation at McCann FitzGerald, said:
“It is clear that a majority of organisations have some work to do to achieve compliance with GDPR. Given the substantial fines that may be levied for GDPR breaches, it is crucial that organisations get internal policies and procedures on GDPR right to protect themselves from this risk.”
Remarking on the result that almost two-thirds (61%) of respondents feel that GDPR places an excessive administrative burden on organisations, up 5% on last year’s survey, Partner at Mazars’ Consulting Services practice, Liam McKenna, said:
“This unfavourable view of GDPR implementation may make it more challenging to initiate new compliance activities within organisations. A higher level of CEO engagement in this area may be necessary to drive the data protection agenda and achieve full GDPR compliance.”
For more information, contact: Cian O’Dowd, Powerscourt - +353 86 7878051
McCann FitzGerald (www.mccannfitzgerald.com) is one of Ireland’s premier law firms. The firm is owned by the partners and comprises 78 partners and almost 400 other lawyers and professional staff. It provides the highest quality legal advice and representation to Irish and overseas clients. Its clients are principally in the corporate, financial and business sectors and it also advises government entities and State bodies. It is consistently recognised by clients and market commentators as being the market leader in many sectors.
Mazars is an international partnership specialising in audit, tax, consulting and financial advisory services. In Ireland, we employ over 500 people in Dublin, Limerick and Galway and work with large corporate companies, small to mid-sized indigenous businesses and private clients to assist at every stage in their development. We operate in 91 countries and draw on the expertise of 40,400 professionals - 24,400 in the Mazars integrated partnership and 16,000 via the Mazars North America Alliance.
Most reportable data breaches are a result of human error. By focusing on understanding online human behaviour and an organisation’s culture, Mazars can help you to design engaging and practical cyber policies, deliver education and implement effective work practices that reduce cyber risk.