Seven years after GDPR reshaped how businesses handle personal data, Irish firms are still struggling to get it right, despite nearly all of them claiming otherwise.
A new report from SurveyMonkey, released to coincide with the regulation’s anniversary, finds that 58% of Irish businesses have experienced data-related issues since GDPR came into force, with 1 in 5 hit by a fine. Yet 94% of decision-makers believe they fully comply with the regulation’s requirements.
The findings come as SurveyMonkey launches a new Trust Centre, a public hub designed to reassure clients about the company’s privacy and security standards. For a growing number of businesses, that transparency is no longer optional, Namely, 37% now refuse to work with vendors that can’t clearly articulate their data protection practices.
Compliance talk vs. compliance reality
While confidence is high, the cracks are showing. Twenty percent of businesses report being fined under GDPR, and nearly the same share (19%) say they’ve faced investigations or warnings from regulators. The issues aren’t just historical. Many firms are still reliant on outdated tech (25%) and lack the budgets (26%) to make the necessary upgrades, even as cyberattacks continue to rise.
This tension between intent and execution is prompting some to re-evaluate their tech stacks. Nearly 30% have recently invested, or plan to invest, in tools like encryption and data loss prevention software, often motivated by concerns around AI.
AI takes centre stage in the privacy threat matrix
Artificial intelligence is fast becoming the new privacy battleground as over 40% of Irish businesses believe AI and machine learning will pose the biggest security risks in the year ahead, with concerns peaking around generative AI (43%).
The tech is widely adopted, since 95% of firms now use AI in some capacity, but it’s also triggering a wave of new policy responses. Around 70% are drafting or implementing AI privacy guidelines, and a third are limiting which AI tools employees can use.
These moves also align with stricter regulations on the horizon, as the EU AI Act introduces additional compliance demands on top of GDPR.
Trust as a competitive currency
Despite the challenges, companies see privacy as a strategic asset. Almost 90% believe their data compliance efforts have earned them a competitive advantage, and the same number say their clients trust them because of it.
However, that trust is conditional. A staggering 76% of Irish businesses have cut ties with a vendor over GDPR or data security concerns, and 90% demand proof of compliance before signing on the dotted line.