Data protection ‘monster’ looms

Awareness around a new European law on the protection of personal data is increasing, but its implications for Irish firms requires a “massive push”, according to technology experts.

Pat Larkin, CEO, and Paul Hogan, CTO, Ward Solutions. Picture: Philip Leonard

The new general data protection regulation, or GDPR, which comes into place in May next year, means private and public companies will have to take more care than ever over the ways they store and protect the data of citizens in the EU.

It is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.

Unlike an EU directive, which can be implemented over a certain time, the regulation becomes law from May 2018, meaning penalties can be imposed from the very first day.

It applies to organisations in the EU but also to any foreign firms doing business inside the bloc.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

Chief executive of Cork-based Smarttech, Ronan Murphy, said the law was a “monster” in the scope of the regulations, saying that a massive push was needed to make as many organisations as possible aware before the May deadline.

“First off, GDPR is a good thing as it is to protect all of our data and aims at preventing breaches. There is a lot of scaremongering about the new regulation, which needn’t be the case.

“However, that doesn’t mean it shouldn’t be taken very, very seriously indeed. We are way, way behind still unfortunately but thankfully there does seem to be growing awareness,” he said.

According to cyber security experts, under the new regulation, Irish firms will have to comply with up to 90 principles relating to data protection.

Mr Murphy added: “What it boils down to is that data protection officers will be able to ask how data is stored, protected, kept and used on customers, consumers, employees, etc. It will affect companies, government agencies, private public partnerships, universities,” he said.

He said he would advise firms to carry out a readiness assessment to see how prepared they were for the new law.

“While the law is implemented on day one and fines can be imposed on non-compliant firms, I would imagine firms taking steps to comply would be looked more favourably upon even if not fully-compliant,” he said.

Dublin-based IT security firm Ward Solutions said demand for GDPR services had grown so much in recent months that it was creating a new €300,000 unit.

Chief technology officer Paul Hogan said: “With GDPR looming on the horizon, there are huge fines in play for any organisation that fails to demonstrate compliance. Demand for this service is so high that 15 of our experienced data privacy consultants are now working solely on GDPR.”

More in this Section

Bombardier may sell assets amid C Series crisis

Peugeot to cut 400 jobs in UK

Irish Odeon cinemas firm makes profit of €1.2m

Brexit no deal ‘would hit sterling’

Breaking Stories

Donald Trump: 'I hear Ireland is reducing Corporation Tax to 8%'; Department says no

New wi-fi weakness could let hackers access encrypted data, researchers say

Boris Johnson urges EU to get on with 'serious' negotiations on trade

Lufthansa to make bid for remnants of bankrupt carrier Alitalia, report says


Remembering the dead: Poignant reason behind Cork’s Zombie Walk

Eight events around Ireland to check out for some frightful fun this Halloween

Massacre at mass on Scariff Island

Ask Audrey: 'It’s like I’m in a horror movie called Revenge of the Norries'

More From The Irish Examiner