With just three months until the General Data Protection Regulation (GDPR) takes effect on 25th May 2018, one-third (32%) of directors say their organisation only began preparing for the GDPR in the last three months with 12% of companies beginning preparations within the last month.
The survey of 254 members of the Institute of Directors in Ireland (IoD), including chief executives, managing directors, heads of function, non-executive directors and chairpersons, found that 48% of organisations began preparing for the GDPR more than six months ago while almost half (47%) of firms have retained external advisors to assist with preparations.
The GDPR will be directly applicable in all EU Member States and updates and overhauls European data protection law with companies that process the data of EU residents obliged to comply with the new requirements.
75% of directors say they have a good to excellent understanding of the regulation, however; 25% of directors surveyed describe their level of understanding of the GDPR as fair or poor and 27% say their organisation is either slightly or not at all prepared for it.
“Given the significant compliance requirements, as well as potential fines and sanctions, the level of preparedness and understanding of the GDPR among some directors at this late stage is concerning,” said Maura Quinn, Chief Executive of the Institute of Directors in Ireland.
“While many organisations are well advanced in their preparations and have a very good understanding of GDPR requirements, a sizable proportion are coming late to the game and will require significant effort to achieve compliance by 25th May,” said Quinn.
With the implementation date approaching, almost all directors surveyed (89%) say the GDPR is a moderate to high priority for their organisation this year with 84% reporting that it is on the board’s agenda. Ensuring compliance by 25th May is a top priority for 76% of directors as is the appropriate treatment of data (71%).
The cost of ensuring full compliance with the GDPR, including staff training requirements, is of concern to 1 in 3 (34%) directors surveyed with over a quarter (28%) of companies intending to spend up to €10,000 on the implementation of GDPR requirements and 41% planning to spend up to €50,000.
87% of directors say that senior management has been briefed on the GDPR but just 43% of releant staff have received GDPR awareness training. Just 40% of companies required to do so have appointed a Data Protection Officer (DPO).
Online survey conducted between 5th-15th February 2018 with a sample of 254 members of the Institute of Directors in Ireland.