A new survey by PwC Ireland has revealed that many business leaders have a mixed reaction to the introduction of new data protection laws.
The survey of approximately 100 businesses, conducted in late February 2018, showed that over half see real business benefits emerging from compliance with the General Data Protection Regulation (GDPR). However, a sizeable proportion (49%) said they saw no benefits arising.
GDPR is set to come into force on 25 May and is set to transform the protection of personal data. It will enforce security and governance around all personal information held by organisations. It also applies to organisations outside of the EU who hold information about non-EU residents if that data is processed inside the EU.
Some of the benefits of being GDPR compliant were identified in the survey. These include:
At the launch of the survey's findings, PwC's Cyber leader Pat Moran said: "It is worrying that one in two respondents still see no real benefits of GDPR. While there may be pain in getting there, there are several benefits of being GDPR compliant highlighted by the survey.
"It is good responsible business practice to hold personal data with care, know why you have it and delete it if it is not needed.
"Not only will your organisation have a cleaner data set, being GDPR compliant will ensure personal data is protected and secure and will reduce the risk of a data breach and consequent possible reputational damage."
Over one third of survey respondents said they would not be appointing a Data Privacy Officer (DPO) as part of their GDPR Programme.
Pat Moran said: "While all public bodies must appoint a DPO, other organisations who process sensitive personal data will be required to appoint a DPO. This is a very specialised and complex role and finding the right person with the appropriate skills and experience will not be easy."
One in four (41%) said that they have already invested up to €50,000 in relation to GDPR compliance; a similar proportion (39%) said they have invested between €50,000 and €500,000 and one in five have invested over €500,000.
Pat Moran commented: "Getting ready for GDPR is essential and required by law. While it may also be a costly exercise, especially for many SMEs, penalties for non-compliance will be far greater. At a basic level, companies need to invest time to look at what data they have, why they have it and whether they still need it.
"I would advise any organisation to invest the time and resources, including considering getting outside help, to help put in place their GDPR strategy and ensure the organisation has a risk-based approach as we get closer to 25 May this year."
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 158 countries with over 250,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
© 2019 PwC. All rights reserved
Director, PwC Ireland (Republic of)
Tel: +353 1 792 8632
Corporate Communications, PwC Ireland (Republic of)
Tel: +353 1 792 6547