
Faith in GDPR wanes as admin burden causes compliance anxiety
Mazars partner Liam McKenna and Amy Brick and Paul Lavery of McCann FitzGerald

18 Jan 2022 / GDPR

Faith in GDPR wanes as admin burden escalates

The findings in the 2022 joint McCann FitzGerald/Mazars GDPR-impact survey suggest a hardening of views towards the 2018 data-protection regulation, stemming from its knock-on effects during the pandemic.

Positive GDPR sentiment has waned by 14 points year-on-year (83% to 69%) and the belief that compliance with the regulation places an excessive administrative burden on organisations has grown by 16 points (53% to 69%).

Also down by five points (76% to 71%) is the belief that compliance with the GDPR will be beneficial for organisations’ relations with their employees, customers and other stakeholders in the long term. 


And compliance anxiety is on the up, with 57% of surveyed organisations expressing concerns about GDPR fines, up from 46% last year.

The surveyors suggest that the results may point to a growing view that the application of the GDPR to vaccine status, and continued difficulties with the international transfer of data, have not been in the interest of employees or businesses.

Over three-quarters (78%) agreed that the risks associated with GDPR non-compliance are increasing, while almost seven in ten (70%) said they were now more concerned about GDPR non-compliance than they had been in May 2018, when the regulation was introduced.

A significant two-fifths (43%) are concerned about civil actions from data subjects.

Most survey respondents work in organisations of more than 250 employees, spanning financial services, public, technology, and other sectors in Ireland.

McCann FitzGerald partner and technology and innovation head Paul Lavery said: “This year’s survey shows a decided shift in views towards the GDPR.” 

Lavery noted backwards motion in comfort with, and appreciation for, the GDPR.

Cooling of sentiment

“We can only speculate on the exact reasons for this cooling of sentiment, but a growing view that the application of the regulation to areas such as employee vaccine status or the international transfer of data, have not been in the interest of businesses, might be contributing to this perspective.” 

Most organisations continue to operate a hybrid work model (62%), with just one in 20 (5%) saying that such a move is not being considered. 

Nearly three-quarters (73%) have beefed up cyber security of documents that staff are working on remotely. 

And while one-quarter of those surveyed have policies permitting employees to work from overseas, just over half (52%) have updated systems to address transfers of data outside the European Economic Area (EEA) for those working abroad. 

And two-thirds (66%) said that the additional compliance burden associated with international transfers and the use of standard contract clauses would influence them to halt non-EEA transfers and/or host personal data within the EEA only.

Fines’ impact

Mazars partner Liam McKenna added that the reality of GDPR fines is now hitting home for employers, four years after the regulation came into force.

“Many businesses are observing the impact of fines for non-compliance, such as the high-profile penalty levied against WhatsApp by the Data Protection Commission last year, and understand the increasing need to ensure their own compliance.

“That fewer respondents say they have reported a data breach to the Data Protection Commission this year, with this number falling from 69% to 61% in the last 12 months, gives optimism that businesses are continuing to improve at managing such issues,” he added.

Vaccine data

Just under two-thirds (64%) of organisations believe that bosses should know the vaccine status of all of their employees, the survey shows.

And 56% claim that the lack of such data affects their return-to-office plans, with 15% citing a strong impediment.

And between 76% and 90% of respondents have developed internal data-protection roles in response to the GDPR.

Overall, 88% of firms say they are fully GDPR-compliant, up from 80% last year. Despite this, 61% of those surveyed had reported a data breach to the DPC in 2021, though this was down from 71% in 2020.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland