Four in five companies say that large-scale remote working during Covid-19 has created additional data protection risks.

This is according to research from legal company McCann FitzGerald and international audit, tax, and advisory firm, Mazars.

The pandemic has forced thousands of people across the country to work from home under restrictions to limit the spread of the disease.

Despite this, only 55pc of those surveyed said they have implemented new procedures or policies to manage data risks.

Just over half (51pc) of firms have stopped their employees using free communications tools that do not provide adequate data protection, according to the report.

Compliance by firms with the General Data Protection Regulation (GDPR) seems to be improving, with 80pc of organizations saying they are materially or fully compliant with the regulation, a 4pc improvement on last year.

Companies’ attitudes towards the GDPR are also warming, with three-quarters of organizations now believing compliance has benefits for their relations with employees, customers, and other stakeholders – up significantly from 58pc in 2019.

Less than half of respondents (46pc) were concerned about the prospect of being fined for GDPR non-compliance. One in ten of the firms surveyed said they still do not log personal data breaches, while one-fifth (21pc) say they do not conduct reviews of records of the data processing activity.                               


Only half of the organizations reported conducting third-party risk assessments when it comes to GDPR.

“Large-scale remote working poses data protection challenges for organizations, and it is unsurprising to find widespread concern on this issue,” said Paul Lavery, partner and head of technology & innovation at McCann FitzGerald.

“Remote working policies, including those dealing with confidentiality and IT security, as well as the software used by employees when working from home, should be urgently reviewed to ensure they are fit for purpose and support adequate security.”

Around 80 firms took part in the report. Respondents had an average of 236 employees in Ireland and were based across the financial services, public, technology, and other sectors.

When it comes to Brexit, the Irish companies were prepared from a privacy perspective for a no-deal Brexit scenario with only 15pc saying they had not taken any steps to address transfers of personal data to the UK on the transition period’s expiry date.