Fewer than one in 10 CEO’s, IT and privacy managers surveyed by independent.ie said their company’s plans for compliance with the new data protection law are at an advanced stage.
The GDPR will become law across the EU in May 2018, replacing all current data protection regulations and covers any personal data held by a company or organisation on an EU citizen. The fines for non-compliance can be as much a 4pc of the organisation’s worldwide turnover, or €20m, whichever is higher.
Along with fines and reputational damage, organisations also risk being subject to civil cases over the handling of their material.
Despite the implications for non-compliance and, with just over a year to go until the regulation is mandatory for companies, only 6pc of those surveyed say their plans for compliance are at an advanced stage. The survey of 89 business leaders found that although 75pc are aware of the implications of non-compliance, four in every 10 say that their organisation has not yet commenced with plans to become GDPR compliant.
Half of respondents say they have not yet appointed a dedicated staff member to oversee the process.
Essential tasks that are crucial to compliance, such as updating the company’s customer-facing privacy message, have not been done according to 60pc of respondents.
Daragh O Brien, MD of information governance company Castlebridge, said if organisations are not at an advanced stage of preparation they “should accept that you will almost certainly not be fully compliant in time”, as organisational change on how to handle consumer data will take time, but that they should move quickly to minimise their risk.
“This is not a case of changing some software, it is a cultural change within your organisation – it is people, it is work practices and it is documenting those work practices, and identifying and managing risks,” he said. “What you should begin by doing is auditing your current work practices and start by addressing the most immediate risks,” he added.
The Dublin Datasec 2017 conference, which takes place in the RDS on May 3, will provide expert speakers, information and insight to help businesses comply with GDPR and get the most out of the legislation.