Awareness around a new European law on the protection of personal data is increasing, but its implications for Irish firms requires a “massive push”, according to technology experts.
The new general data protection regulation, or GDPR, which comes into place in May next year, means private and public companies will have to take more care than ever over the ways they store and protect the data of citizens in the EU.
It is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.
Unlike an EU directive, which can be implemented over a certain time, the regulation becomes law from May 2018, meaning penalties can be imposed from the very first day.
It applies to organisations in the EU but also to any foreign firms doing business inside the bloc.
If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.
Chief executive of Cork-based Smarttech, Ronan Murphy, said the law was a “monster” in the scope of the regulations, saying that a massive push was needed to make as many organisations as possible aware before the May deadline.
“First off, GDPR is a good thing as it is to protect all of our data and aims at preventing breaches. There is a lot of scaremongering about the new regulation, which needn’t be the case.
“However, that doesn’t mean it shouldn’t be taken very, very seriously indeed. We are way, way behind still unfortunately but thankfully there does seem to be growing awareness,” he said.
According to cyber security experts, under the new regulation, Irish firms will have to comply with up to 90 principles relating to data protection.
Mr Murphy added: “What it boils down to is that data protection officers will be able to ask how data is stored, protected, kept and used on customers, consumers, employees, etc. It will affect companies, government agencies, private public partnerships, universities,” he said.
He said he would advise firms to carry out a readiness assessment to see how prepared they were for the new law.
“While the law is implemented on day one and fines can be imposed on non-compliant firms, I would imagine firms taking steps to comply would be looked more favourably upon even if not fully-compliant,” he said.
Dublin-based IT security firm Ward Solutions said demand for GDPR services had grown so much in recent months that it was creating a new €300,000 unit.
Chief technology officer Paul Hogan said: “With GDPR looming on the horizon, there are huge fines in play for any organisation that fails to demonstrate compliance. Demand for this service is so high that 15 of our experienced data privacy consultants are now working solely on GDPR.”
© Irish Examiner Ltd. All rights reserved