GDPR and Irish SMEs


Wizuda’s CIO and IT manager nationwide research reveals that, with less than 6 months to go:

  • 55% of Irish companies now expect a data protection audit 
  • Just 69% of companies feel that GDPR compliance is a top priority for their organisation
  • Less than two thirds of Irish companies (64%) have actually started on their path to GDPR Compliance 
  • 80% see IT as a major stakeholder in GDPR compliance    
  • 57% of organisations are still using email to send personal data 
  • 3 in 5 (61%) of Irish SMEs are currently reviewing their existing data transfer solutions

Wizuda today published its nationwide General Data Protection Regulation (GDPR) IT research conducted into 175 organisations. The research found that although only 37% of companies have previously been subject to a data protection audit, 55% of companies think they will be subject to an audit in the coming 18 months.

With less than 6 months before the GDPR comes into full effect the survey also found that over a third of Irish organisations have not yet started work on their GDPR compliance project, with over a quarter (26%) indicating other projects were a priority.

Wizuda commissioned Amárach Research to conduct a national research project across 175 organisations, investigating GDPR awareness, prioritisation and obligations. This study focused on SMEs and targeted IT decision makers ranging from IT Directors, Heads of IT, CIOs and CISOs. Research took place between 12th September and 11th October 2017.

Majority of SMEs Believe an Audit is Coming 

The survey showed that 69% of Irish SMEs consider themselves to be data processors. The GDPR imposes direct statutory obligations on data processors meaning they will be subject to direct enforcement and potential fines by the Office of the Data Protection Commissioner (ODPC), as well as compensation claims by data subjects. All data processors must now make available all information necessary to demonstrate compliance and allow audits to be conducted by the data controller.

With the recent 56% budget increase given to the ODPC along with the prescriptive obligations that data controllers must now place on data processors under GDPR, only 19% of Irish SMEs believe that they won’t be subject to a data protection audit in the next 18 months.

Failing at the First Email

Wizuda’s research also revealed that, despite awareness of data privacy demands, 57% of organisations still use email to send personal data. This, Wizuda warns, greatly exposes organisations to a potential data breach or data audit failure. Added to this 2 in 5 organisations are using old in-house scripts to transfer data, making it difficult to demonstrate compliance when requested in an audit. 

“Whilst it is worrying that less than two thirds of Irish SMEs have actually started their own project, it is good to see that 80% of those surveyed see IT as a major stakeholder in their GDPR compliance programme” said Danielle Cussen, Managing Director, Wizuda. 

“Both the OPDC and data controllers will be looking to ensure that all data processors are GDPR compliant, so we would expect the number of Irish companies planning for a data protection audit continuing to increase in the run up to May 2018.” 

Mike Ross, Commercial Director of Wizuda adds, “Don’t wait, if you know of a high-risk area, address it now. The right technical solutions can put permanent fixes into place and make the first steps of GDPR compliance much easier.”

Our Insights

Trust In The Media

17 Jun 2017

A recent question posed to our smart phone panel for the RTE Claire Byrne Live show highlights a worryingly low level of trust in the media in Ireland....

The Digital Transformation of Ireland

17 Jun 2017

Irish organisations could tap into a $100 trillion market through successful Digital Transformation of their business models by 2020, following global and Irish research conducted by Microsoft....

Creating Tomorrow, Today