“Since 25 May 2018, with the application of the General Data Protection Regulation (GDPR), the data protection landscape has changed for individuals and organisations across the European Union,” explains Deirdre McGoldrick, Assistant Commissioner, Irish Data Protection Commission.
“As the national regulator, the Irish Data Protection Commission is responsible for the oversight of organisations based in Ireland, which process personal data.
“Additionally, under the GDPR, a one-stop-shop for multinational companies has been created such that they are supervised by the data protection authority in the EU country in which they have their main authority.”
The world’s largest internet and pharmaceutical companies have in many cases made Ireland their non-US headquarters.
“This means that for entities like Facebook, Apple, LinkedIn and Google, the DPC is the lead supervisory authority in the EU. In practical terms, this means that the DPC is charged with ensuring that these entities comply with data protection law,” she adds.
Over the past year, the importance of data security has come into renewed focus.
“Organisations have been getting to grips with the responsibilities placed on them by the GDPR to have in place appropriate organisational and technical measures to protect the personal information they process.
“With the ever-increasing move toward cloud technology and online solutions in all lines of business, these responsibilities are a cornerstone for ensuring that individuals’ personal data are secure.”
As a regulator, the role of the DPC is wide-ranging.
The expanded enforcement capacity that the GDPR gives regulators is significant in ensuring that the highest standards achievable under the regulation are delivered for the benefit of individuals.
“The DPC has seen a significant increase in the volume of complaints and breach notifications it has received since May 25, 2018, rising from the 2,600 and 2,800 respectively it received in 2017 to almost 9,500 and 8,000 respectively in the 15 months under the GDPR.
“In the context of data security, the DPC has launched a number of large scale statutory inquiries into data breaches, which, in some cases, affected millions of individuals across the EU.”
The scope of these inquiries includes the compliance of organisations, across multiple sectors, with the data security provisions of the GDPR.
“While high profile and extremely important, particularly given the DPC’s position as the lead supervisory authority for some of the world’s largest online companies, enforcement is not the only position that the DPC fulfils as regulator,” she outlines.
“The DPC works with organisations and sectors to guide on their ongoing implementation of the GDPR in order to prevent issues arising in the first instance.
“Such an approach can lead to a more efficient way of safeguarding individuals’ data protection rights, while also educating organisations in how data processing should be undertaken.
“Where issues do arise, quite commonly through media reporting, the DPC immediately engages with companies to better understand the issues before determining what path to follow, including whether or not a statutory investigation should be opened.”
Raising public awareness of data protection issues is one of the key tasks placed on the DPC by the GDPR. The DPC has published various guidance on its website (www.dataprotection.ie) since May 2018, dealing with many of the issues that data controllers should be aware of when processing personal data, both in an online and offline context.
The DPC also regularly attends events nationally and internationally to contribute to discussions and enhance understanding, including the FutureSec conference in Cork on September 24 where the DPC will be represented by Assistant Commissioner McGoldrick, who will be taking part on a panel discussing cyber security.
“Events such as FutureSec are a great opportunity for discussion and debate around the crucial area of cyber security and the balance that must be struck by data controllers when advancing online activities, whilst protecting the rights of individuals,” she said.
“I am very much looking forward to hearing the views and ideas of the speakers, and contributing to our discussion on this dynamic area of data protection.”