GDPR and Irish SMEs


Wizuda’s CIO and IT manager nationwide research reveals that, with less than 6 months to go:

  • 55% of Irish companies now expect a data protection audit 
  • Just 69% of companies feel that GDPR compliance is a top priority for their organisation
  • Less than two thirds of Irish companies (64%) have actually started on their path to GDPR Compliance 
  • 80% see IT as a major stakeholder in GDPR compliance    
  • 57% of organisations are still using email to send personal data 
  • 3 in 5 (61%) of Irish SMEs are currently reviewing their existing data transfer solutions

Wizuda today published its nationwide General Data Protection Regulation (GDPR) IT research conducted into 175 organisations. The research found that although only 37% of companies have previously been subject to a data protection audit, 55% of companies think they will be subject to an audit in the coming 18 months.

With less than 6 months before the GDPR comes into full effect the survey also found that over a third of Irish organisations have not yet started work on their GDPR compliance project, with over a quarter (26%) indicating other projects were a priority.

Wizuda commissioned Amárach Research to conduct a national research project across 175 organisations, investigating GDPR awareness, prioritisation and obligations. This study focused on SMEs and targeted IT decision makers ranging from IT Directors, Heads of IT, CIOs and CISOs. Research took place between 12th September and 11th October 2017.

Majority of SMEs Believe an Audit is Coming 

The survey showed that 69% of Irish SMEs consider themselves to be data processors. The GDPR imposes direct statutory obligations on data processors meaning they will be subject to direct enforcement and potential fines by the Office of the Data Protection Commissioner (ODPC), as well as compensation claims by data subjects. All data processors must now make available all information necessary to demonstrate compliance and allow audits to be conducted by the data controller.

With the recent 56% budget increase given to the ODPC along with the prescriptive obligations that data controllers must now place on data processors under GDPR, only 19% of Irish SMEs believe that they won’t be subject to a data protection audit in the next 18 months.

Failing at the First Email

Wizuda’s research also revealed that, despite awareness of data privacy demands, 57% of organisations still use email to send personal data. This, Wizuda warns, greatly exposes organisations to a potential data breach or data audit failure. Added to this 2 in 5 organisations are using old in-house scripts to transfer data, making it difficult to demonstrate compliance when requested in an audit. 

“Whilst it is worrying that less than two thirds of Irish SMEs have actually started their own project, it is good to see that 80% of those surveyed see IT as a major stakeholder in their GDPR compliance programme” said Danielle Cussen, Managing Director, Wizuda. 

“Both the OPDC and data controllers will be looking to ensure that all data processors are GDPR compliant, so we would expect the number of Irish companies planning for a data protection audit continuing to increase in the run up to May 2018.” 

Mike Ross, Commercial Director of Wizuda adds, “Don’t wait, if you know of a high-risk area, address it now. The right technical solutions can put permanent fixes into place and make the first steps of GDPR compliance much easier.”

Our Insights

GDPR And You

17 Jun 2017

Today marks one year until the introduction of the EU’s substantial overhaul of data protection laws, the General Data Protection Regulation (GDPR) but only 14% of Irish SMEs have begun getting ready, according to...

Hard Brexit Ahead

17 Jun 2017

For the sixth year running Merc Partners in consultation with Amárach compiled a survey that focused on Executive Expectations for 2017. The findings of which build on the foundations of similar studies undertaken. ...

Creating Tomorrow, Today