Businesses that comply with the recently amended Irish data protection laws can use this as a marketing tool and benefit from increased consumer confidence. That’s the view of Carol Leland, one of the authors of A Practical Guide to Data Protection Law in Ireland and an associate specialising in data protection and privacy law with A&L Goodbody.
The publication, which was launched yesterday, offers a practical guide to Irish businesses in relation to compiling, storing and using individuals’ records.
According to Leland, early compliance with the law can confer a competitive advantage on companies, in the same way that businesses embracing environmental laws were able to tap into the notion of ‘being green’ and promote themselves as such. “In the e-commerce environment, you can market the fact that you’re fully compliant,” she said. “If you have a clear, very transparent data protection notice on a website or an application form, it gives a very clear message and engenders trust in a consumer in an era where there is reluctance to giving personal information such as credit card details.”
The guide, which was written by A&L Goodbody’s Data Protection Group, looks at the topic from a commercial perspective and considers the issues faced across a range of sectors. It includes chapters that cover a range of sectors including employment and HR; financial services; healthcare, internet and e-commerce, media and issues arising from transfer of a company in a merger or acquisition.
Many businesses face increased compliance requirements since the ratification of the Data Protection (Amendment) Act in July of last year. Based on the information in the book, companies can conduct an audit to see where they may come into contact with the data protection legislation. “You need to give customers information on how you use any personal information and who you might disclose it to,” Leland pointed out.
For example, direct marketing agencies who have sold one product to a customer and want to sell them another through a subsidiary or associate company, need to get consent from the client to do so.
Although there are financial penalties for non-compliance, as much as €100,000, the greatest sanction is adverse publicity, Leland said. “Nobody wants to be out there seen as processing information they shouldn’t,” she concluded.
By Gordon Smith