The majority of businesses in Ireland are not prepared for the upcoming General Data Protection Regulation (GDPR), according to a Data Sec 2017 survey, carried out in advance of the GDPR focused event which takes place on Wednesday May 3rd in the RDS Concert Hall in Dublin. The survey found that just 6 per cent of Irish businesses are at an advanced stage in their preparations for the new data protection laws. These findings come amidst warnings to businesses that the time is now to get ready for the GDPR.
GDPR will come into force on May 25th 2018 and presents businesses of all sizes involved in the processing of personal data with a mandate to review and change company policies and practices. Non-compliance could see businesses or organisations facing fines of up to €20,000,000 or 4 per cent of annual global turnover, whichever is greater. Organisations are also at risk of reputational damage and civil cases against them over the use of personal data unless they become GDPR compliant.
Although three-quarters are aware of the implications of GDPR for their business, 40 per cent of those surveyed are not executing plans for GDPR compliance.
Only half of respondents have put a dedicated staff member in place to oversee the process of becoming GDPR compliant, a vital part of preparing for the wide-scale changes that most organisations will be obliged to make. In the absence of a dedicated staff member, tasks that are crucial to compliance may be missed. For example, in the case of 60 per cent of respondents, the crucial task of updating the company’s customer facing privacy message has not been done.
According to Daragh O’Brien, MD of information governance company Castlebridge, at this stage if organisations are not at an advanced stage of preparation they “should accept that you will almost certainly not be fully compliant in time”, as organisational change on how to handle consumer data will take time, but that they should move quickly to minimise their risk.”
“This is not a case of changing some software, it is a cultural change within your organisation – it is people, it is work practices and it is documenting those work practices, and identifying and managing risks. What you should begin by doing is auditing your current work practices and start by addressing the most immediate risks,” O’Brien said.
16 per cent of businesses surveyed for Data Sec 2017 are working within a budget of €100k+ for GDPR compliance while the majority (61 per cent) will be spending €5,000-10,000.
One-third of respondents reveal that their GDPR plan is not integrated with their IT security infrastructure with only 16 per cent saying it is fully integrated.
Confirmed speakers at Dublin Data Sec 2017:
Speakers at Dublin Data Sec 2017, including the Data Protection Commissioner for Ireland Helen Dixon, Cyber Security Strategist Joseph Carson and Senior Counsel for Civil, Criminal and Internet Litigation Pauline Walley, will cover what GDPR involves for businesses and organisations. Delegates will be informed on the procedures to be put in place, governance, managing a data privacy programme; and data breach detection, reporting and security.
The conference also covers the issues surrounding ‘Data Protection, Brexit and Borders’, the ethics of GDPR, transparency, privacy as a service and unique insights from leading privacy managers from some of the world’s leading multinationals.
- Adrian Weckler, Technology Editor, Independent News & Media
- HelenDixon, Data Protection Commissioner for Ireland
- Joseph Carson, Cyber Security Strategist
- Pauline Walley, Senior Counsel, Civil, Criminal and Internet Litigation
- Emerald De Leeuw, CEO Eurocomply GDPR Software
- Jonathan Armstrong, Compliance and Technology Lawyer, Cordery
- Tomi Mikkonen, CEO, Privaon
- Todd Ruback, Chief Privacy Officer and VP of Legal Affairs, Evidon Inc
- Mark Adair, Partner, Commercial Law Practice Group, Mason Hayes & Curran
- Ronan Davy, Senior International Counsel, Etsy
- Stephen Laffan, Workday Global Privacy Program Manager
- Alan Curley, EMEA Privacy Compliance Manager for Janssen Pharmaceutical Companies, part of Johnson & Johnson Healthcare Companies
- Lorcan McLoughlin, Privacy Compliance Officer, Rabobank in Ireland
- Daragh O’Brien, Founder, Castlebridge, a firm specialising in Information Trust
Dublin Data Sec 2017 is an Independent News and Media event, please visit www.independent.ie/datasec for further information and tickets.