Internet users will soon be able to challenge any organisations that use their browsing history to collect personal data from them.
In exactly one year’s time, a game-changing European regulation, known as the General Data Protection Regulation (GDPR), will revolutionise how businesses get, process and store our personal data.
However, results of a new survey show almost two thirds of Irish comp-anies have yet to assess the personal data that they currently hold.
Personal data is any information that can identify an individual person.
According to Ireland’s Data Protection Commissioner (DPC), this includes a name, an ID number, location data (for example, location data collected by a mobile phone), online browsing history, images or anything relating to the physical, mental, economic, or social identity of a person.
Under the GDPR, individuals will have the power to find out how businesses process their data and also obtain copies of what information an organisation holds about them.
However, a new survey published by Ireland’s DPC yesterday shows Irish businesses and organisations are currently vastly underprepared for the impact of the upcoming law.
The survey found that 67% of companies have yet to carry out an assessment of all the personal data they hold.
However, medium-sized enterprises (39%) and SMEs in Dublin (40%) and Munster (37%) are more likely to have assessed this.
A further 57% said they have still to assess why they hold personal data at all and 64% said they have not assessed how long they need to keep this data.
Under the new law, there are serious sanctions and the Irish DPC will be able to fine organisations up to €20 million (or 4% of total global turnover) for the most serious infringements.
Helen Dixon, Ireland’s DPC, said its effect will be felt across the board: “Data protection laws exist to ensure fair play for everyone in how their identity and personal data is used by big corporations, governments and all sorts of organisations and businesses.
“The GDPR is a game-changing overhaul of our current data protection laws. It will impact every type of company and organisation regardless of their size and require many of them to take significant action well before May 25, 2018.”
The DPC said it is “not a surprise” that many companies have yet to get GDPR-ready.
Ms Dixon said that organisations who feel there is “little to fear in ignoring it” could not be more wrong.
An example of an organisation could be a gym that stores email addresses or a petrol station that runs a loyalty scheme and gathers mobile phone numbers.
“Twelve months is not a long time and nobody can afford to delay.
“The first step for a business is to conduct an analysis to know what data you have, why you have it and what you do with it,” Ms Dixon said.
A new website, GDPRandYOU.ie, has been set up to guide people on how the law will affect them.
© Irish Examiner Ltd. All rights reserved