Subscriber OnlyBusiness

Few companies believed to fully comply with EU data rules, survey finds

Just 15 per cent of firms deemed to be in full compliance with GDPR six years after it became law

GDPR on a screen with 1s and 0s
A joint survey published by Forvis Mazars and McCann FitzGerald found just 58 per cent said their organisation was 'materially compliant' with the EU data rules.

Only 15 per cent of businesses believe their organisation is fully compliant with General Data Protection Regulation (GDPR) rules, some six years after the data privacy legislation was introduced.

Businesses were also concerned about upcoming legislation that could impact their business covering AI, online safety and digital services.

The joint survey published by Forvis Mazars and McCann FitzGerald found just more than half – 58 per cent – said their organisation was “materially compliant” with the EU rules, while a quarter classed their organisation as “somewhat compliant”.

GDPR isn’t the problem, Big Tech and governments are the issueOpens in new window ]

That was despite the majority – 82 per cent – saying that the risks of failing to comply with the legislation were increasing, with risk to reputation the top concern, pushing fear of fines into second place.

READ SOME MORE

“That only 15 per cent of Irish companies are fully compliant is a concern for Irish business, particularly in light of further digital legislation coming down the tracks,” said Liam McKenna, partner in consulting services at Forvis Mazars. “Irish companies therefore need to urgently focus on GDPR adherence, while actively gearing up for new legislative requirements.”

The findings of the survey indicate that Irish businesses have continuing challenges with implementing the legislation. Half of those surveyed said they needed more resources, investment or expertise in the field, but more than 80 per cent said they planned to improve their compliance status.

Despite this, almost half of businesses said working to comply with the privacy rules has benefited their business, a rise from the 34 per cent who saw the positive side of it last year.

Court dismisses claim data watchdog failed to investigate alleged breach by GoogleOpens in new window ]

However, experts warned that businesses needed to focus on adhering to the rules, both those already in place and upcoming legislation.

A total of nine new Acts have been introduced or are due to come into effect in the near future, giving Irish companies an increasingly complex legislative environment. The joint survey found 60 per cent of respondents were worried about the impact of new legislation, with uncertainty over how – or if – it would apply to their business. There is most awareness around the AI Act, which is due to come into effect next month, with three-quarters saying the legislation would apply to their business, and almost one-fifth already preparing for its introduction.

“The effectiveness of the GDPR as one of the toughest data privacy laws in the word is perhaps evidenced by the fact that organisations are still actively working on improving their compliance six years on. It is much more than a tick-the-box exercise and staying on the right side of these complex requirements will require ongoing attention and focus by Irish organisations,” said Paul Lavery, partner at McCann FitzGerald.

“The good news is that this experience will serve businesses well as they prepare for new legislation coming down the track from the European Union. Legislating for rapidly changing technologies such as AI is no easy task, and we can expect regulations around data, AI, cyber resilience, information security and digital services to continue to evolve in the coming years.”

Ciara O'Brien

Ciara O'Brien

Ciara O'Brien is an Irish Times business and technology journalist