Data protection landscape more uncertain than last year, survey finds

27 Jan 2021


Brexit, remote working and the Schrems II ruling are the top three concerns in terms of data protection for Irish businesses, according to a new survey.

In May of this year, GDPR will have been officially in effect for three years. In that time, a variety of data protection investigations, fines and breaches have been in the headlines, and data protection has come to the forefront of business concerns.

However, while plenty of businesses have stepped up their actions in the data protection and privacy space, the ever-changing landscape has caused many leaders to worry about ensuring maximum protection when it comes to the data their companies hold.

Now, a new survey has highlighted the increasing uncertainty business leaders feel when it comes to Ireland’s data protection landscape.

Surveying 250 organisations across the country, the Association of Compliance Officers in Ireland (ACOI) found that 76pc of Irish businesses believe the data protection landscape is more uncertain now than it was 12 months ago.

Brexit was the most cited reason for this uncertainty, followed by the increase in remote working and the impact of the Schrems II ruling.

Michael Kavanagh, CEO of ACOI, said it’s unsurprising that Brexit is the frontrunner. “What’s arguably more insightful is that more than a quarter of respondents say the growing prevalence of remote working is causing major issues and a similar number feel that the implications of the Schrems II ruling are adding to the ambiguity,” he said.

The concerns around remote working echo another survey from last week, which suggested that 80pc of organisations believe large-scale remote working during the pandemic has created additional data protection risks. The survey from Irish law firm McCann FitzGerald and audit, tax and advisory firm Mazars also found that only 55pc of respondents said they have implemented new procedures or policies to mitigate data protection risks.

Meanwhile, the landmark Schrems II ruling in July 2020 will have a direct impact on any organisation relying on Privacy Shield or standard contractual clauses (SCCs) for data transfers. SCCs are designed to ensure that European citizens enjoy the same level of protection for their personal data when it is processed outside the EU.

At the end of last year, the European Commission published a draft of the revised SCCs for the transfer of personal data to third countries, with a public consultation that ended on 10 December 2020.

Kavanagh said businesses will be watching closely to see the final outcome of this. “SCCs are widely used by both SMEs and multinational firms to facilitate international transfers of data. Similarly, in our experience, industry views the proposed supplementary measures proposed by the European Data Protection Board as too onerous and unworkable.”

He added that for businesses concerned about data protection, it’s important to focus on the basics. “Having clear policies in place and developing a robust data protection culture throughout the whole organisation. Human error is often a key factor in data breaches, so ensuring that new and existing staff receive regular training on privacy best practice is key.”

Jenny Darmody is the editor of Silicon Republic