As GDPR comes into law today across Europe, the balance of power will shift from tech giants to people, says Ireland’s Data Protection Commissioner, Helen Dixon.
All across the EU, the new General Data Protection Regulation (GDPR) becomes law today (25 May) and any company that processes or collects data runs the gauntlet of tough new measures.
Most notably, it means big fines of up to €20m or 4pc of annual turnover, whichever is higher. But will that keep big giants such as Facebook and Google in line, or will we see countless other data-hungry piranha who like to swim alongside these whales?
‘We can put Ireland on the map as a country that implements and upholds the highest standards of protection of personal information’
– HELEN DIXON
Crucially, the biggest protection – especially after the wake-up call that was the Cambridge Analytica scandal – is the power of the individual to take legal actions against companies that they suspect may have misused their data.
Not surprisingly, Austrian privacy campaigner Max Schrems has already struck the first blow by filing €7bn worth of legal cases under GDPR against Facebook and Google. It is only day one.
People have the power
Ireland’s Data Protection Commissioner (DPC), Helen Dixon, was recently described by The New York Times as “one of tech’s most important regulators” due to her role in policing the myriad of data giants based in Ireland. She said that, crucially, GDPR is about “allowing society benefit from the good in technology but ensuring we are protected from the harms of excessive and unfair processing”.
For Dixon and her colleagues, the onset of GDPR marks the culmination of two years worth of preparation and raising awareness.
A survey carried out by her office has indicated that among Irish businesses, awareness is substantially better than it was a year ago.
It shows a twofold increase in awareness amongst SME businesses in Ireland (90pc) compared to last year (44pc) regarding the major changes the GDPR brings.
This year, five times more SME business executives demonstrate knowledge of the consequences that GDPR will have for their organisations, with 30pc now being able to name three changes compared to only 6pc in 2017.
This year’s survey also shows a 24pc increase in the levels of awareness of the penalties imposed on companies for failure to comply with the GDPR (65pc in 2018 compared to 41pc in 2017).
“I am hugely encouraged by the results of our awareness survey and by the strong engagement we have had with so many organisations in the last year,” Dixon said.
“Together, we can put Ireland on the map as a country that implements and upholds the highest standards of protection of personal information.”
Only time will tell how GDPR will filter down to ordinary internet users.
Today, people will see notices appear all over their go-to websites asking them to comply or tick a box. Many will do so without reading the fine print. Many will find that their email inboxes might be lighter because they haven’t renewed subscription requests.
Ostensibly, one of the biggest and most anticipated shifts will be how people will be marketed to. Will there be less noise or will it all become more nuanced?
But the real test of GDPR will occur when the next Cambridge Analytica-style scandal rocks us to our core. Only then will we find out if people have the power and whether tech giants or data harvesters will be shaking in their boots.
Remember, it is only day one of GDPR.