Majority of Irish firms woefully unprepared for game-changing GDPR

12 Jun 2017

GDPR could lead to fines of up to €20m, or 4pc of turnover. Image: Garsya/Shutterstock

A whopping 66pc of Irish businesses are unaware of the obligations that will be imposed by the GDPR, which is less than a year away.

Irish businesses are sleepwalking their way into a dangerous new world where they could be exposed to litigation from consumers over how their data is being handled.

Unintended storage of CCTV footage, no privacy policies for employees to follow, and lack of awareness of new rights for consumers under the General Data Protection Regulation (GDPR) regulations are an explosive formula.

‘This game-changing piece of legislation cannot be ignored’

A new survey commissioned by the Irish Government ahead of the upcoming Data Summit in Dublin this week shows that the majority of businesses are unaware of the new EU-wide rules that will come into place on 25 May 2018.

The survey revealed that while 72pc of firm owners believe that data will play an important role in the development of their businesses, about 66pc are unaware of the specific obligations imposed by the GDPR regulations.

Almost half of participants are unsure where the responsibility for data management should lie in their respective organisations. This is despite the fact that failure to comply with GDPR could lead to fines of up to €20m, or 4pc of turnover.

The GDPR makes it considerably easier for individuals to bring private claims against data controllers if their data privacy has been infringed. Even if they have suffered non-material damage as a result of an infringement, they can still sue for compensation.

Unintentional stars of CCTV

The survey also found that 64pc of firms believe that big data will enhance their businesses.

However, businesses could be tripped up by the most basic things – 62pc are unsure for how long they should store CCTV footage and/or have no related privacy policy in place.

“Although some businesses have yet to consider the GDPR, this game-changing piece of legislation cannot be ignored,” said Minister of State for European Affairs, Data Protection and the EU Digital Single Market Dara Murphy, TD.

The Irish Government is holding an international Data Summit that will be held on 15 and 16 June. The event, which takes place at the Convention Centre in Dublin, is being organised by the Department of the Taoiseach and the Government Data Forum.

Among the Data Summit’s key speakers will be Vint Cerf, president and chief internet evangelist of Google, and ‘father of the internet’; Helen Dixon, Data Protection Commissioner; Stewart Baker, a former official in the US Department of Homeland Security and National Security Agency; Stephen Deadman, Facebook privacy chief; and Prof Joe Cannataci, UN special rapporteur on the right to privacy.

“By hosting ‘how-to’ sessions with officials from the Office of the Data Protection Commissioner, officials from our Department of Justice, and representatives of the International Association of Privacy Professionals, the Data Summit will increase preparedness for the implementation [of] GDPR, and ensure businesses are more aware of how they manage and protect data,” Murphy said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years