Complying with the General Data Protection Regulation has been a costly exercise for Irish business which mostly exceeded estimates, according to
new research from Mazars and McCann FitzGerald.Over half the 73 respondents in the survey said internal and external GDPR-related costs to date such as IT, audit, legal and training have amounted to between €50,000 and €250,000.
“Businesses that have been relying on manual processes will need more automated solutions in the future, particularly since potentially labour-intensive activities such as maintaining an active record of processing or documenting and evidencing compliance are identified as areas of concern from an enforcement perspective,” says the report.
Looking ahead, 84% of companies said that they had either implemented or intended to implement IT solutions to support delivering and demonstrating their compliance with GDPR. Of this cohort, the further investment expectation is in the range of €50,000 to €250,000.
Despite the costs, six months on from activation and nine out of ten firms in the small survey are confident that they have correctly interpreted their GDPR obligations.
McCann Fitzgerald partner Paul Lavery said: “An interesting aspect of the research is the air of confidence among organisations of their understanding of GDPR. Nobody said the road to GDPR compliance would be easy, but most organisations have found it to be a worthwhile, albeit at times painful, exercise in terms of information governance, something they may not have done otherwise.”
Mazars partner Liam McKenna added: “The research shows positive action among the business community, as evidenced by the appointment of Data Protection Officers, the investment of financial resources as well as the proactive reporting of data breaches.
“However, it is clear that embedding compliance into business as usual functions, in order to demonstrate accountability, is proving challenging. Although a baseline level of compliance has been achieved, organisations are continuing to develop so as to manage data protection risks.”
Of all the aspects of compliance, one-third of businesses have found the creation and maintenance of records of processing activities to be the greatest challenge.
Since the introduction of GDPR in May 2018, individuals appear to be more aware and keen to exercise of their rights. Over half the respondents reported an increase in data subject requests. The same proportion said they find meeting the requirements in relation to consent to be challenging or extremely challenging.
Photo: Paul Lavery (left) and Liam McKenna (right) with McCann FitzGerald’s Annette Hogan. (Pic: Shane O'Neill)