This is according to the results of a new survey by Ireland's professional body for compliance professionals, the Compliance Institute, which polled approximately 150 compliance experts working primarily in Irish financial services organisations nationwide.
One of the remits of the media watchdog, which has been in place since March 2023, is to regulate digital content so that adults and children are not harmed by online content or behaviour.
The survey also asked compliance professionals to specify the biggest challenges posed to their organisation by the EU’s flagship data privacy and protection law, GDPR.
Seven years after this law came into force[1], four in ten organisations (41%) organisations in Ireland’s financial services sector cite the ever-changing nature of guidelines in this area as the biggest challenge they face.
Coimisiún na Meán
Headline findings from the Compliance Institute survey reveal that:
- One in 18 (6%) financial services firms are expecting the rules arising from the digital content regulation remit of the watchdog to create “significant” compliance challenges for their organisation
- More than one in four (27%) foresee ‘manageable’ compliance challenges for their firm as a result of the digital content regulation remit of Coimisiún na Meán.
- More than one in three (35%) expect the Coimisiún’s digital content regulation remit to have no impact on its organisation.
- Almost one in three (31%) compliance professionals are not familiar with Coimisiún na Meán’s role.
Commenting on the survey findings, Michael Kavanagh, CEO of the Compliance Institute, said:
“In such a digital-centric world, and one in which technology is so far reaching and often pervasive, it’s important that adults and children can go online without fear of being harmed by the content or behaviour they come across. The Coimisiún has a hugely important role to play in this regard and its recent crackdown on social media giants[2], with those organisations now required to put measures in place to protect children from harmful content online, is just one of a number of crucial steps which the Coimisiún as a regulator of digital content.
It’s important that online content is regulated so that it doesn’t incite hatred, disseminate ‘fake news’ or misinformation, discriminate against certain sectors, facilitate criminals, be used to perpetuate child exploitation or abuse, or to prey on the vulnerable. All organisations have a part to play in ensuring they know, and abide by, the rules in this regard. The evolving nature and global reach of digital media and the sheer volume of online content out there will undoubtedly present challenges for organisations when meeting digital contents rules. Evolving regulations in this area and the complexity of various laws could also prove challenging for firms.
It is interesting that more than two years since it has been up and running, a significant portion of compliance professionals are not familiar with Coimisiún na Meán’s role. This may indicate a need for increased awareness of the new media regulator – and maybe even of the vices and dangers out there online that it is seeking to police.”
GDPR
The Compliance Institute survey found that the top challenges faced by financial services organisations when it comes to meeting GDPR rules are:
- Ensuring ongoing compliance with evolving guidelines (41% of compliance experts said this was the biggest GDPR challenge facing their organisation)
- Maintaining robust data governance frameworks[3] (36%)
- Cross-border data transfers and Schrems II[4] implications (13%)
- Managing requests from individuals for copies of personal data[5] (10%).
Commenting on this aspect of the survey, Mr Kavanagh said:
“Data breaches are unfortunately becoming more and more common today and the consequences can be very serious. Where sensitive information is comprised, individuals can be vulnerable to theft, fraud, and other malicious activities.
Given that more than half of European fines for data breaches came from Ireland last year[6], GDPR has certainly added to the workload of Irish compliance professionals and so it is perhaps unsurprising that these experts cite evolving GDPR guidelines as the biggest challenge facing their organisation. An EU announcement on May 21[7] that it is scaling back some of its GDPR rules as part of its efforts to ease regulatory requirements on businesses will no doubt be welcomed by many Irish firms. This move should reduce GDPR red tape for many businesses, saving them time and administrative costs.
Only one in ten compliance experts say that the biggest challenge they face with GDPR is managing requests from individuals for copies of any of their personal data. Interestingly, the majority of the complaints and queries the Data Protection Commission (DPC) receives concern individuals seeking to exercise their right of access to such data[8]. Our survey suggests that organisations in the financial services sector understand and are meeting their obligations in this regard.”
Footnotes:
[1]GDPR legislation came into effect on May 25, 2018
2As per Coimisiún na Meán opens review of online platforms’ compliance with EU Digital Services Act & Statement on Online Safety Code
3 A data governance framework creates a single set of rules and processes for collecting, storing and using data.
4 A decision by the Court of Justice of the European Union that impacts how personal data is transferred from the EU to the US. This ruling emphasized the need for better protection mechanisms against US surveillance practices.
5 Also known as data subject access requests, this is where individuals have the right to request a copy of any of their personal data which is being used in any way by organisations.
6 As per DLA Piper GDPR Fines and Data Breach Survey January 2025
7 As per European Commission statement of May 21 2025
8 As per DPC Annual Report 2023 and DPC guidance.
[1]GDPR legislation came into effect on May 25, 2018
[2]As per Coimisiún na Meán opens review of online platforms’ compliance with EU Digital Services Act & Statement on Online Safety Code
[3] A data governance framework creates a single set of rules and processes for collecting, storing and using data.
[4] A decision by the Court of Justice of the European Union that impacts how personal data is transferred from the EU to the US. This ruling emphasized the need for better protection mechanisms against US surveillance practices.
[5] Also known as data subject access requests, this is where individuals have the right to request a copy of any of their personal data which is being used in any way by organisations.
[8] As per DPC Annual Report 2023 and DPC guidance.
