Warning issued on upcoming general data protection regulation

Two thirds of Irish businesses are unaware of their obligations under the impending “game-changing” general data protection regulation (GDPR) which comes into law next May, a report has found.

The research, undertaken to mark the Data Summit Dublin event on Thursday and Friday, found that 66% of 150 businesses surveyed across the country did not realise what they would have to do regarding the GDPR, an EU regulation with major implications for companies that do not comply.

The research was carried out by iReach on behalf of the Department of the Taoiseach and the Government Data Forum.

The regulation was ratified following four years of negotiation, replacing the existing data protection directive. Unlike an EU directive, which can be implemented over a certain time, the regulation is made law once it begins in May 2018, meaning penalties can be imposed from day one.

The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. It not only applies to organisations within the EU but also to firms that do business inside member states.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

Cybersecurity experts have warned that companies must begin their preparations now for the GDPR, which has 90 different principles related to data protection, if they are to avoid falling foul of the penalties from next May.

The iReach survey found 47% of Irish respondents are unsure where the data protection responsibilities lie within their respective companies and 62% are either unsure how long their business stores CCTV footage or have no related privacy policy in place.

The Data Summit will assist businesses in adapting to the upcoming regulation.

European Affairs and Data Protection Minister, Dara Murphy said: “Although some businesses have yet to consider the GDPR, this game-changing piece of legislation cannot be ignored. The Data Summit will increase preparedness for the implementation GDPR and ensure businesses are more aware of how they manage and protect data.”