Irish businesses unprepared for GDPR legislation & new era of data security

GDPR, the most comprehensive data protection legislation in the history of the European Union, comes into force on May 25, 2018. However, new research reveals that significant numbers of Irish firms and organisations are prepared for it, despite the stiff penalties for non-compliance…

gdpr legislation
Image Source: Pixabay

THE number of Irish organisations and businesses with no processes for dealing with cyber security breaches & other aspects of data protection is at least as high as 40 percent. It’s a finding that puts Irish businesses on a collision course with chaos in little over 13 months time, when GDPR legislation (the General Data Protection Regulation) comes into force.

“[There is] an increased responsibility on organisations to secure and protect all of the customer and third party data that they collect and handle.”

With just over a year until the introduction of the GDPR legislation, research from one of Ireland’s leading information security providers, Ward Solutions, reveals that more than 4 out of every 10 Irish organisations lack detection or response plans to deal with hacks.

Non-compliance with GDPR entails penalties of up to 4 percent of annual global turnover (or €20m), and liability to compensate those who suffer material or non-material damages arising from a GDPR infringement.

Despite this imminent reality, Ward Solutions told The Irish Times this week that 13 percent of the 170 firms they surveyed have no knowledge of where the customer data they have collected is stored.

More than 25 percent of organisations surveyed either had no awareness of GDPR or had not begun preparing for it, while 20 percent of company directors were unaware of the penalties for GDPR non-compliance.

Earlier this year, Pat Larkin, CEO of Ward Solutions, sounded a warning about “data fatigue” among consumers: “The general public are increasingly growing tired of being told that their personal data may or may not have leaked into the wrong hands,” he said. “This fatigue offers huge opportunities for cyber criminals as consumers drop their guard. It also places an increased responsibility on organisations to secure and protect all of the customer and third party data that they collect and handle.”

GDPR legislation holds organisations more accountable than ever for data security, while enshrining the ‘right to be forgotten’ and a number of other rights in relation to how companies store and handle personal data.

Organisations must know where and how data is stored, while public authorities or businesses who undertake large-scale personal data processing must appoint a Data Protection Officer in time for the legislation coming into effect on May 25, 2018.

GDPR legislation also stipulates ‘Privacy by Design and by Default’ in new processes for business products and services, while strategies for accountable and timely detection of and response to data breaches are also required.

The Ward Solutions research is the latest in a succession of warning shots for Irish organisations that will be bound by GDPR—any organisation that processes the data of EU citizens, regardless of whether that organisation has a physical presence within the EU.

Lack of GDPR-readiness is not limited to Irish firms. Earlier this month, global information services group Experian, following a survey of 1,431 professionals in organisations throughout the UK, US, Australia, Brazil, France, Germany, Spain and Singapore, revealed that 48 percent of international companies surveyed were not prepared for the new legislation.

Dublin Data Sec taking place on May 3rd in the RDS Concert Hall, Dublin, is one of the main events geared towards helping businesses prepare for GDPR legislation. Full information on speakers, schedule and registration is available here.