Mind your business – prepare for GDPR
Author – Erik O’Donovan, Head of Digital Economy Policy, Ibec
The privacy rights of individuals are safeguarded in relation to the processing of their personal data by organisations. Personal data is any information related to an identified or identifiable natural person (‘data subject’). This definition not only includes names and other factors specific to the identity of the individual but also online identifiers such as an IP address and location data.
The EU has recently reformed its rules on data protection. The General Data Protection Regulation (GDPR) will be directly applicable in all EU Member States, including Ireland, on 25 May 2018. Many existing regulatory concepts on data protection will be retained, but there will be significant changes under the GDPR that require consideration and advance preparation.
Key features of the GDPR include:
- Individuals will have a greater say in how their personal data is collected and processed by organisations.
- The GDPR have an expanded territorial and material scope.
- Implementation will follow a harmonised and risk-based approach.
- There is a higher consent threshold for data processing and data breaches must be reported within 72 hours.
- There will be greater accountability for business and greater sanctions for non-compliance.
Data protection is a key business consideration. In this context Ibec established a members’ cross-sectoral GDPR taskforce and has delivered a series of short guides to help raise awareness and understanding of the GDPR (http://www.ibec.ie/0/GDPR).
These guides were presented at the Ibec regional insight series throughout May 2017 in seven locations across the country. The free events focused on digital innovation and GDPR compliance. The events were being addressed by representatives of the Office of the Data Protection Commissioner have also produced guidance on preparing for GDPR compliance, which can be found at https://www.dataprotection.ie/docs/GDPR/1623.htm