NORMA eResearch @NCI Library

A study to identify if there is a clear understanding and awareness of required records management policies and procedures in Irish Organisations, specifically, in relation to compliance with the General Data Protection Regulations (GDPR) which came into force on 28th May 2018.

Reeves, Gary (2020) A study to identify if there is a clear understanding and awareness of required records management policies and procedures in Irish Organisations, specifically, in relation to compliance with the General Data Protection Regulations (GDPR) which came into force on 28th May 2018. Masters thesis, Dublin, National College of Ireland.

[img]
Preview
PDF (Master of Science)
Download (801kB) | Preview

Abstract

The European Parliament approved the implementation of the General Data Protection Regulation (GDPR) on the 27th April 2016 based on the protection of the natural person with regard to the processing of personal data and on the free movement of such data (European Parliament Council, 2018).

This study investigates if there is a clear awareness and understanding of the risks, costs and obligations incumbent upon Irish organisations in order to remain or become compliant with the aforementioned GDPR regulation.

A sample of 110 people that are directly involved in Data Protection, Compliance, Human Resources, Business Owners or individuals who are responsible for data compliance in Irish companies were chosen to participate in an online survey based on the authors contact list of companies. The participants were chosen to give a broad indicative sample from 10 main industry sectors, for example, medical, pharmaceutical, services, legal, construction, retail & airline.

The questions asked focused on information on specific GDPR awareness, industry analysis of the survey pool, previous and future training on GDPR, which were all targeted towards hardcopy documentation within Irish organisations. The questions were grouped together into 6 separate groups or themes of questions which would indicate the answering participants industry sector, their personal awareness of GDPR, if hardcopy documentation was retained by the organisation and needed to be addressed, what training has been received by the participants regarding GDPR and if additional financial resources were required for the organisation to get compliant with GDPR and if there were any known data breaches within the organisation. The questions were further broken down into three (3) main themes, that being: GDPR awareness, Industry Sector and Training on GDPR.

The research study demonstrated that all participants, in their own opinion, had a prima facie basic understanding regarding GDPR compliance, with the largest percentage of respondents reporting they are very familiar with the regulations and a lesser amount having an increased awareness and being extremely familiar with GDPR compliance regulations. Based on the target audience of professional individuals specifically working or responsible for GDPR compliance, it was expected that there would be a higher percentage of respondents being extremely aware of the GDPR regulations. The results seem to be indicative of a lack of understanding, training, expertise, knowledge and willingness to comply fully to the GDPR regulations in place even with the enormous financial threats of fines that can be levied in certain circumstances by the Data Protection Commissioner of Ireland.

Item Type: Thesis (Masters)
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD28 Management. Industrial Management
K Law > KDK Republic of Ireland > Data Protection
Divisions: School of Business > Master of Science in Management
Depositing User: Dan English
Date Deposited: 06 Feb 2021 12:43
Last Modified: 06 Feb 2021 12:43
URI: http://norma.ncirl.ie/id/eprint/4682

Actions (login required)

View Item View Item