Disclaimer

The new DPC website is currently under construction. Our latest guidance in relation to GDPR, which comes into effect on 25th May, 2018, can be found at gdprandyou.ie and via pages on this website starting with "NEW" as per the navigation pane on the left. All other material on this site relates to the previous legislative regime under the Data Protection Acts 1988-2003 ("the Acts"). While the Acts may continue to apply in some circumstances, as of 25th May, 2018 the GDPR is the primary piece of legislation governing data protection.

Data Protection Commission

over view

2018 saw a two-fold increase in awareness amongst SMEs in Ireland regarding the major changes in DP legislation taking place soon and a nearly three-fold rise in awareness of the GDPR start date. Five times more SME business executives are able to name 3 GDPR changes. There is a two fold increase in clarity as to whether businesses will be required to appoint a Data Protection Officer. 2018 sees a considerable rise in awareness of non-compliance penalties. More than twice as many SMEs have identified steps for compliance with GDPR. More SMEs have carried out an assessment of all the personal data held, reasons why, and for how long it needs to be kept. In 2018 more than 4 in 10 SMEs have evaluated the necessity of a DP Impact Assessment with 1 in 4 SMEs developing a DP Risk register. More than 6 in 10 SMEs recognise DP as an indispensable part of their current and future business planning. More SMEs this year consider DP compliance as a priority in their organisations with almost 4 in 10 SMEs having already actioned their GDPR implementation plan.

key points

Data Protection Legislation Changes & GDPR Awareness

2018 saw a two-fold increase in awareness amongst SME businesses in Ireland (90%) compared to last year (44%) regarding the major changes in data protection legislation taking place soon. There?s also a nearly three-fold rise in awareness of the GDPR start date (87% vs 30% in 2017). This year five times more SME business executives demonstrate knowledge of the consequences GDPR will have for their organisations with 30% now being able to name 3 changes compared to only 6% in 2017. There?s a two fold increase in clarity (44% vs 21% in 2017) as to whether each business will be required to appoint a Data Protection Officer within the organisation. 2018 sees a considerable ↑24% rise in awareness of the penalties imposed on companies for failure to comply with GDPR (65% versus 41% in 2017).

Actions Taken in Preparation & Compliance with GDPR

In 2018 more than twice as many SMEs (52% vs 21% in 2017) have identified steps for compliance with GDPR with ↑6% more (57% vs 51% in 2017) assigning a staff member to oversee GDPR preparation. This year ↑13% more SMEs (45% vs 32% in 2017) have carried out an assessment of all the personal data held in the organisation; ↑9% more (51% vs 42%) have analysed why to keep that data and ↑12% more (47% vs 35%) have assessed the necessary length of time to hold personal data. In 2018 more than 4 in 10 SMEs (43%) have initiated an evaluation to establish the necessity for carrying out a Data Protection Impact Assessment with every 4 th company (25%) developing a data protection risk register to identify and mitigate data protection associated risks. Almost 4 in 10 SMEs or 37% have already actioned their GDPR implementation plan.

Importance Placed on GDPR

In 2018 more than 6 in 10 SMEs in Ireland (61%) recognise data protection as an indispensable part of their current and future business activity planning. ↑7% more SMEs this year (69%) compared to 2017 (62%) consider data protection compliance as a priority in their organisation.