Data protection ‘monster’ looms

Awareness around a new European law on the protection of personal data is increasing, but its implications for Irish firms requires a “massive push”, according to technology experts.

Pat Larkin, CEO, and Paul Hogan, CTO, Ward Solutions. Picture: Philip Leonard

The new general data protection regulation, or GDPR, which comes into place in May next year, means private and public companies will have to take more care than ever over the ways they store and protect the data of citizens in the EU.

It is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.

Unlike an EU directive, which can be implemented over a certain time, the regulation becomes law from May 2018, meaning penalties can be imposed from the very first day.

It applies to organisations in the EU but also to any foreign firms doing business inside the bloc.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

Chief executive of Cork-based Smarttech, Ronan Murphy, said the law was a “monster” in the scope of the regulations, saying that a massive push was needed to make as many organisations as possible aware before the May deadline.

“First off, GDPR is a good thing as it is to protect all of our data and aims at preventing breaches. There is a lot of scaremongering about the new regulation, which needn’t be the case.

“However, that doesn’t mean it shouldn’t be taken very, very seriously indeed. We are way, way behind still unfortunately but thankfully there does seem to be growing awareness,” he said.

According to cyber security experts, under the new regulation, Irish firms will have to comply with up to 90 principles relating to data protection.

Mr Murphy added: “What it boils down to is that data protection officers will be able to ask how data is stored, protected, kept and used on customers, consumers, employees, etc. It will affect companies, government agencies, private public partnerships, universities,” he said.

He said he would advise firms to carry out a readiness assessment to see how prepared they were for the new law.

“While the law is implemented on day one and fines can be imposed on non-compliant firms, I would imagine firms taking steps to comply would be looked more favourably upon even if not fully-compliant,” he said.

Dublin-based IT security firm Ward Solutions said demand for GDPR services had grown so much in recent months that it was creating a new €300,000 unit.

Chief technology officer Paul Hogan said: “With GDPR looming on the horizon, there are huge fines in play for any organisation that fails to demonstrate compliance. Demand for this service is so high that 15 of our experienced data privacy consultants are now working solely on GDPR.”

More in this Section

Too early to tell whether prices and wages will rise

Little room for hot air in energy debate

No secret to games success for 9th Impact

US tax plan could still prove to be Ireland’s undoing

Breaking Stories

Former Facebook exec says he feels ’tremendous guilt’ over creation of site

Facebook to pay taxes in country where advertising profits are earned instead of via Dublin HQ

Further talks to be held as thousands of Bombardier jobs hang in balance

Brexit continues to pose major risk to Irish economy, warns Central Bank


No wee feat: Daniel back in the charts with new album this Christmas

The League Of Gentlemen sketch troupe back on TV screens after 15 years

Get ready for the Jedi in latest Star Wars instalment

A heavy burden for such young shoulders caring for parents this Christmas

More From The Irish Examiner