Data protection ‘monster’ looms

Awareness around a new European law on the protection of personal data is increasing, but its implications for Irish firms requires a “massive push”, according to technology experts.

Pat Larkin, CEO, and Paul Hogan, CTO, Ward Solutions. Picture: Philip Leonard

The new general data protection regulation, or GDPR, which comes into place in May next year, means private and public companies will have to take more care than ever over the ways they store and protect the data of citizens in the EU.

It is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.

Unlike an EU directive, which can be implemented over a certain time, the regulation becomes law from May 2018, meaning penalties can be imposed from the very first day.

It applies to organisations in the EU but also to any foreign firms doing business inside the bloc.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

Chief executive of Cork-based Smarttech, Ronan Murphy, said the law was a “monster” in the scope of the regulations, saying that a massive push was needed to make as many organisations as possible aware before the May deadline.

“First off, GDPR is a good thing as it is to protect all of our data and aims at preventing breaches. There is a lot of scaremongering about the new regulation, which needn’t be the case.

“However, that doesn’t mean it shouldn’t be taken very, very seriously indeed. We are way, way behind still unfortunately but thankfully there does seem to be growing awareness,” he said.

According to cyber security experts, under the new regulation, Irish firms will have to comply with up to 90 principles relating to data protection.

Mr Murphy added: “What it boils down to is that data protection officers will be able to ask how data is stored, protected, kept and used on customers, consumers, employees, etc. It will affect companies, government agencies, private public partnerships, universities,” he said.

He said he would advise firms to carry out a readiness assessment to see how prepared they were for the new law.

“While the law is implemented on day one and fines can be imposed on non-compliant firms, I would imagine firms taking steps to comply would be looked more favourably upon even if not fully-compliant,” he said.

Dublin-based IT security firm Ward Solutions said demand for GDPR services had grown so much in recent months that it was creating a new €300,000 unit.

Chief technology officer Paul Hogan said: “With GDPR looming on the horizon, there are huge fines in play for any organisation that fails to demonstrate compliance. Demand for this service is so high that 15 of our experienced data privacy consultants are now working solely on GDPR.”

More in this Section

On Brexit, the rubber hits the road for UK car firms

Shares worry focus on US rates

Brexit will hurt bad but let’s not overstate the costs

Pharma lifts the Trump blues for Ireland

Breaking Stories

Minister Richard Bruton launches supercomputer naming competition

Email accounts can be a treasure trove for hackers, experts warn

34% of Irish adults likely to implement smart home technology in future - survey

RaboDirect Ireland to close


The biggest cancer killer will take your breath away

Hopefully she had an idea...

Power of the press: Meryl Streep and Tom Hanks discuss 'The Post'

More From The Irish Examiner