Majority of SMEs spend at least €5,000 on GDPR

12th July 2018 | News

Nine-in-ten small-and-medium-sized enterprises (SMEs) in Dublin spent €5,000 or more on preparing their businesses for the European Union’s (EU) new General Data Protection Regulation (GDPR), which was introduced on 25th May.

That’s according to a new survey by IT specialists, MicroWarehouse, into how Irish firms have adapted to GDPR since its implementation. The report was based on 100 face-to-face interviews conducted with chief information officers and IT leads in companies throughout the Irish capital.

Almost three-fifths (57%) of business owners surveyed said they did not believe the arrival of GDPR had made any difference to their day-to-day operations.

Furthermore, a third of companies did not discuss the arrival of GDPR at management level, a statistic that MicroWarehouse deemed “shocking”. Only one-in-eight (13%) businesses surveyed stated that cybersecurity was a top priority for their company, which has caused concerns for MicroWarehouse technical sales lead, Aidan Finn.

Finn said: “The research indicates that little or no difference has been recorded to the day-to-day operations of companies surveyed.

“It also highlights the costs associated with becoming GDPR compliant, which is particularly onerous on SMEs who are subject to the same regulations as larger companies.

“In relation to cybersecurity and hacking, we were shocked to learn that security of data is so far down the agenda at a senior management level.

“Particularly in an era of cybercrime and data leaks, one would think ensuring the security of your network would be in the company’s best interest.”

Just a third of businesses surveyed said they had to take action to prepare for GDPR by making amendments to data breach procedures.

This seems quite low considering the consequences for failing to comply with GDPR could be somewhat damaging to any small business in Ireland. Fines of up to 4% of annual global turnover or €20m will be dished out, whichever figure is greater.

It’s important to note that GDPR is not just an EU directive that can be integrated internally over time. The regulation was made law from 25th May, harmonising data privacy laws across all EU member states, protecting citizens’ data privacy in the process.

GDPR is applicable to all businesses inside the EU, as well as those outside the EU that do business with EU member states.