The General Data Protection Regulation (GDPR), which has been four years in the making, comes into effect on 25 May 2018 and will change the emphasis of data protection. It will apply to any organisation that offers goods or services to EU residents or that monitors the behaviour of EU residents, and will place them under greater obligation to provide assurance to their boards, customers and regulators that their data protection processes and procedures are fit for purpose.
These were some of the takeaways from a seminar on the topic, organised by Shannon Chamber Skillnet and Ulearning Skillnet, delivered by Grant Thornton.
Any company that processes personal information will need to start preparing for the changes the new Regulation will herald, as non-compliance could lead to fines in the order of €10m or 2% of turnover for smaller instances of non-anonymising data, or €20m or 4% of turnover for larger breaches.
“GDPR will give new rights to individuals,” said keynote presenter, Grant Thornton’s associate director Gary McPartland.
“They can object to profiling, can request erasure of data and will have more rights to access their data and to request that it be rectified. Companies will be required to provide fair notice as to why they are collecting data, how long it will be kept for and how it will be protected.”
Listing six lawful reasons which give a company a right to collect data – contractual necessity, consent, compliance with legal obligation, vital interest, public interest, and legitimate interest – he advised attendees to start considering what data they have and what can be done with it.
Urging companies to start their journey to EU GDPR readiness as soon as possible, he recommended a three-step process that includes assessing readiness, building a data privacy implementation plan and sustaining that plan. His parting message to attendees was that compliance is possible but requires work, and the time to start preparing is now.
Shannon Chamber chief executive Helen Downes was encouraged to see over one hundred attendees at the seminar: “There is a real appetite among businesses to be GDPR compliant as it is going to be so essential post 25 May next year. It’s a business process change so companies need to start doing self-audits as soon as possible.”
This initial information seminar was organised jointly by Shannon Chamber and Ulearning Skillnets, who are now looking at offering a training programme to enable companies to more fully understand their obligations and requirements under the Regulation. Meanwhile, some very useful information is available at http://gdprandyou.ie/ and a self-assessment checklist can be found at https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf