talks to Ciara Lucy of IT firm Spearline, which is aiming to make Skibbereen the most GDPR-ready town in the country ahead of the new EU data protection laws being introduced in May.
Skibbereen native Ciara Lucy is leading an all-female software team to ensure the West Cork town will be “the most GDPR-ready town in Ireland” when the EU’s new data protection law comes into force in May.
With companies all over the EU scrambling to become compliant with the general data protection regulation (GDPR) in less than two months, Ms Lucy and the team at the newly-formed Spearline Risk and Compliance want to ease the worries of SMEs in their locality.
Spearline Risk and Compliance is the latest venture from Skibbereen IT firm Spearline, Cork Chamber’s SME of the Year, which allows clients such as Google, Amazon and Microsoft to monitor their global telecoms footprint.
Ms Lucy was enticed back to Skibbereen by Spearline co-founder Kevin Buckley, having worked with the likes of Voxpro and Starwood Hotels in the past two decades, spending years in Austin, Texas with the latter.
“Kevin Buckley and I have always known each other. I’d been watching him for a long time, marvelling at what Spearline was doing.
I always felt I wanted to do something here. When Kevin approached me last July, it was a big jump. I loved Voxpro but this was Skibbereen calling and I made the right decision.
“GDPR is a fascinating area. Kevin is quite the visionary, he sees things before they happen. He had been looking at this for a year. He began to get Spearline compliant with GDPR and realised there was no software in the market that can do it all,” said Ms Lucy.
GDPR is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. It not only applies to organisations within the EU but also to firms that do business inside member states.
If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.
Ms Lucy is managing director of Spearline Risk and Compliance, Gráinne O’Keeffe is head of innovation and Fiona Ryan is customer engagement manager.
Gráinne O’Keeffe is one of my oldest friends, is an incredible talent and also from Skibbereen. She has spent the last 20 years between New York, Tokyo and London in senior roles with Goldman Sachs. She’s superb on risk and operational issues and she leads innovation. It was her ambition for Skibbereen to be the most GDPR-ready town in Ireland.
While businesses of all sizes must be GDPR compliant by May, Ms Lucy said there was still a long way to go for many.
While Spearline Risk and Compliance is a commercial firm, it is offering its expertise pro-bono to local businesses in Skibbereen through an information workshop this month. If it takes more than one workshop, Ms Lucy said, then so be it.
“There are some companies that have been all over GDPR and really have a lot done. But I think they are more in the minority. What I am finding is that people are scared of it. I have friends and families in Skibbereen in local businesses, people that do not have huge margins to deal with it.
“This is something that would be so far away from their day-to-day life. This is not their comfort zone. Our product is not something they would probably buy. We actually started worrying because some small businesses don’t even know about it — the letters GDPR mean nothing to them.
“It’s a way of giving back to our community because we care. We want to see businesses opening, not closing. The 4% of revenue fine could put someone out of business,” she said.
Breaking down the complexities of GDPR into something simple is vital, according to Ms Lucy.
“The legislation is not digestible for the man on the street. It’s written for lawyers. We’ve spent time breaking the legislation down into an easy digestible format so that people can walk step-by-step through the process, and where it does get complicated, put in professional tips.
“We’ve worked with a solicitors firm where they have given us a lot of information. For instance, is someone a data processor or a data controller — that is a key fundamental thing you need to be clear on when you are starting off.”
Ms Lucy said GDPR is actually a positive thing for businesses and customers once the work is put into it.
“Data is our new raw material. There are all sorts of things people are doing with data that are scary," she said.
There is a lot of scaremongering too, which isn’t helping because people feel they are being pushed into this. If people were to just step back, and look at the benefits, this will actually bring a lot of good practices to businesses. It is just a massive operational change for some people.
The most satisfactory element for Ms Lucy was watching Skibbereen transform itself into one of the best-known IT towns in the Republic through firms like Spearline and the Ludgate Hub for IT businesses.
“Who would have ever thought — certainly not me as a young girl going to school in Skibbereen — that there would be an all-female software team here? Like all people who were born in small-town Ireland, there weren’t many options in Skibbereen when I was growing up. Now there are and I am thrilled to be a part of it,” she said.