New data law means ‘ongoing’ work

New data law means ‘ongoing’ work
Donal Cahalane of Cork-based Republic of Work

By Pádraig Hoare

Businesses and organisations must realise compliance with the General Data Protection Regulation (GDPR) is ongoing and must be factored into business models, an IT expert has warned.

Donal Cahalane of Cork-based Republic of Work said he feared some firms and bodies could be naive enough to think their obligations towards data protection was no longer something to worry about once yesterday’s implementation deadline had passed.

The GDPR was ratified in 2016 following four years of negotiation, replacing the existing directive on data protection. Unlike an EU directive, which can be implemented over a certain time, the regulation was made law once it began yesterday, meaning penalties can be imposed from the beginning.

The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.

It not only applies to organisations within the EU but also to firms that do business inside member states.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

Mr Cahalane said: “Everyone has been obsessed with sorting out what needed to be done to meet yesterday’s deadline, and some think that is that. However, business processes now have to be designed with data protection in mind.

“Whether you are a one-person barbershop or a multinational, you have the same requirement. There is going to have to be a big change in the behaviour of business.”

Some small businesses reported how they lost up to 90% of their mailing list in the run-up to GDPR with users not opting in to continued communication.

Mr Cahalane said it was “likely that a big household name” would come under scrutiny in the near future in order for data protection chiefs to show they were serious about GDPR.

The GDPR does not only apply to companies and organisations within the EU, but also to those who do business or have customers in the bloc.

A number of popular websites were unavailable to EU users as soon as the GDPR was implemented, including US newspapers and television channel websites.

The Los Angeles Times, Chicago Tribune, Baltimore Sun and The New York Daily News were unavailable to visitors within the bloc, while websites belonging to the History Channel and the Lifetime Channel were also unavailable to EU users.

More in this Section

Dublin Port project raises concernsDublin Port project raises concerns

Unions call for pay-gap disclosuresUnions call for pay-gap disclosures

Brexit still means Brexit for this islandBrexit still means Brexit for this island

Irish companies to win as UK trade spat thawsIrish companies to win as UK trade spat thaws


We hear a lot about the geese, ducks and swans that arrive here from colder climes for the winter, but much less about smaller birds that come here to escape harsher conditions in northern Europe.Keep an eye out for redwings this winter

More From The Irish Examiner