New data rules cannot be allowed to develop red tape misery

New data rules cannot be allowed to develop red tape misery

It may be easier to say what a developed country is rather than what a developing country is.

The former UN secretary general Kofi Annan once described a developed country as one which allows all citizens to enjoy a free and healthy life in a safe environment. The attractions of his definition are self-evident. He focuses on citizens, life and safety. No mention of business nor of commerce. Nevertheless, when thinking about what a developing country is, concepts involving business come to the fore.

At a recent conference in the Saïd Business School at the University of Oxford, academics speaking about the characteristics of developing countries highlighted matters such as a lack of physical infrastructure – road, rail and (dare I say it) broadband. They also highlighted problems associated with the lack of an educated workforce and fragile legal institutions.

In the developed world, we are arguably in a new phase of developing legal institutions. Among the most notable developments for the business community is the General Data Protection Regulation (GDPR).

GDPR is not an Irish institution. Our GDPR laws flow from EU regulations, and EU regulations have the key characteristic of being applied identically across EU member countries. Because the EU regulations provide for 'one-stop shops' where multinational entities can opt to deal with one regulator in one country for all EU wide matters, Ireland has in recent times become a veritable hub for European data protection.

As GDPR passes its first birthday wrinkles are appearing in its practical operation. GDPR can, unwittingly, prejudice the operation of other necessary forms of policing and regulation. Sometimes these wrinkles appear where the private sector acts as an agent for public sector governance.

Ireland, for example, operates a robust regime for the liquidation of companies, whether voluntarily or by compulsion. The liquidator, who typically is operating in the private sector, is obliged by Irish Company Law to examine the conduct of the directors of the company leading up to its liquidation, and to report to the Office of the Director of Corporate Enforcement any concerns over the conduct of any particular director. This can lead to sanctions on the director.

By and large, government agencies are exempt from GDPR obligations, so can carry out investigative work without being too worried about their processes becoming challenged by the target of any complaint. A tax audit conducted by Revenue is a good example.

But, in a liquidation situation a disgruntled former director can attempt to obtain the private sector liquidator's findings and workings via a data access request under GDPR, and perhaps thwart the work involved in winding up the company.

In an ideal world, this shouldn't matter, but the world is not ideal. Liquidators find themselves obliged not just to carry out their work as liquidators, but also to have the resources to manage and - if necessary - defend data access requests and their consequences.

This matters because we rely on having a robust environment in which companies can establish and operate, and indeed be wound down. It’s fundamental to the Irish business offering.

Developed countries must always keep a balance between legislation and practice. Where there is a mismatch, we call it red tape. Good initiatives and solid legislation, such as GDPR, should not be permitted to create unnecessary red tape.

Dr Brian Keegan is Director of Public Affairs at Chartered Accountants Ireland

More on this topic

Ireland protects privacy of citizens more than any other developed nationIreland protects privacy of citizens more than any other developed nation

Only guilty need fear transparency - Evolving data protection normsOnly guilty need fear transparency - Evolving data protection norms

Are we the wild west of data protection?Are we the wild west of data protection?

Departments unsure of responsibility for overseeing PSCDepartments unsure of responsibility for overseeing PSC

More in this Section

Brexit gloom laid bare in ‘terrible’ UK manufacturing reportBrexit gloom laid bare in ‘terrible’ UK manufacturing report

Fears for hundreds of jobs at multinational firm in ClareFears for hundreds of jobs at multinational firm in Clare

CSO figures show how many Irish firms suffered technology related security incidents last yearCSO figures show how many Irish firms suffered technology related security incidents last year

Revolut growth highlights 'incredible' growth of online banks in EuropeRevolut growth highlights 'incredible' growth of online banks in Europe

More by this author

Flat rate deductions are unfairly squashedFlat rate deductions are unfairly squashed

How to avoid budget disappointment: Don't expect too muchHow to avoid budget disappointment: Don't expect too much

Any Brexit deal is unlikely to tick all the boxesAny Brexit deal is unlikely to tick all the boxes

Ireland must build up its VAT reservesIreland must build up its VAT reserves


Lifestyle

Lacemakers in Limerick want to preserve their unique craft for future generations and hope to gain UNESCO heritage status, writes Ellie O’Byrne.Made in Munster: Lace-making a labour of love rather than laborious industry

More From The Irish Examiner