A majority of Irish organisations (54%) believe the GDPR is in need of reform, with two-thirds (66%) stating the costs of GDPR compliance are greater than those envisaged when the Regulation was commenced in 2018 and almost half (45%) saying supervisory authorities interpret the GDPR in a way that makes compliance more difficult to achieve.
The results come from this year’s edition of an annual survey on the impact of the GDPR on organisations in Ireland, jointly published today by leading law firm McCann FitzGerald LLP and Mazars, the international audit, tax, advisory and consulting firm. Five years after the introduction of the GDPR, the survey examines its impact and success since its 2018 introduction.
Pictured from left to right: Paul Lavery, Head of Technology and Innovation Group, McCann FitzGerald; Liam McKenna, Partner, Data Protection and Privacy, Mazars; and Amy Brick, Partner, Regulatory and Data Disputes, McCann FitzGerald.
A majority of respondents agreed that complainants should be required to attempt to resolve complaints with the organisation processing their data before initiating a complaint with the Data Protection Commission (75%) and that data subjects should be required to pay a reasonable fee for making a data subject access request (52%).
Despite this appetite for reform, there is a general belief that the GDPR has operated as a largely positive force. Strong agreement that the GDPR is beneficial for individuals is up twenty percentage points to 46% since 2018 (81% agree or strongly agree), while strong agreement that GDPR compliance is beneficial for organisations’ long-term relations with stakeholders such as employees and customers is up fourteen percentage points to 34% since 2018 (75% agree or strongly agree).
The general public, who formed part of this survey for the first time, demonstrated conflicting views about data protection. 80% said they are more concerned about their online privacy now as compared to 5 years ago and 78% agreed they are likely to purchase from organisations that have a good record in how they handle customers’ data.
However, roughly half of all customers (49%) are willing to forgo some level of data protection if the product or service is very appealing, pointing to an appetite among a large portion of users of certain services, such as social media apps, to forgo some level of data protection to access these services.
Respondents from the general public also point to a potential need to simplify or more clearly communicate messages on data protection and the GDPR. 65% of members of the public agreed that organisations make it difficult to understand their approach to data protection, while one-in-four (24%) said they had either never heard of the GDPR or knew very little about it.