More than half the Irish companies do not think that the introduction of Global Data Protection and Regulation (GDPR) has influenced their day-to-day operations, suggests a study by MicroWarehouse. The report states that 57% of Irish companies for one month since the compliance deadline of May 25 did not find any difference in their daily activities.
The survey also points out that with regard to companies coming under GDPR compliance, several small and medium enterprise did not enact any rigorous preparation model. While 20 percent of large companies had not only utilized the time allotted but even went to the extent of hiring an interim CISO, or engaging a GDPR accelerator to be compliant.
For nearly 32 percent of the respondents, amendments to data breach procedures in the company was the action taken to ensure compliance under GDPR. While, with regards to the cost, nearly 90 percent of small and medium enterprises spent €5,000 ($5,770) in preparation of the deadline, whereas 43 percent of the larger companies spent up to €20,000 ($23,075) to ensure compliance.
An alarming trend was that, when asked about cybersecurity concerns and the level of priority placed, only 13 percent of the companies stated that cybersecurity was one of the key concerns. While 35 percent of the respondents stated that cybersecurity and related issues were never discussed at management level.
“As we all know, there was considerable pressure placed on businesses to become GDPR compliant by a strict deadline and as such, we were interested to see how it has impacted their business since that date,” said Aidan Finn, Technical Sales Lead at MicroWarehouse to Irish Examiner. “It also highlights the costs associated with becoming GDPR compliant, which is particularly onerous on SMEs who are subject to the same regulations as larger companies. In relation to cybersecurity and hacking, we were shocked to learn that security of data is so far down the agenda at a senior management level. Particularly in an era of cyber crime and data leaks, one would think ensuring the security of your network would be in the company’s best interest.”