Irish Companies “Must Prepare Now” for GDPR, Urges Data Commissioner in Newly Released Guidance

Data Protection Commissioner urgers Irish DPO's to prepare for GDPR

Irish companies have been urged by the ODPC to “immediately start preparing” for the forthcoming EU GDPR, in a newly-issued guidance document aimed at helping organisations understand and achieve their path to compliance by the due date of 25th May 2018.

Distilling the 99 GDPR articles into 10 key steps for companies to follow, the guidance document – the first in a series to be released during the next 18 months – takes as its theme the need for companies to act with the utmost urgency, and make maximum use of the preparation window in the run up to May-2018 – starting right away.

Highlighting the newly “robust powers” to fine companies up to €20,000,000 or 4% of global turnover, the guidance states “the sooner you begin to prepare for the GDPR, the more cost-effective it will be for your organisation”.

The guidance helps to explain some of the far-reaching concepts of GDPR, which differ significantly in scope and authority from the current Data Protection Directive. It explains how the concept of “accountability” poses difficult questions at every level of the data management operation inside a business, such as “why are you holding data?”, “how did you obtain it?” and “how secure is it, in terms of encryption?”

The guidance also reflects on the crucial need to implement DPIA (Data Privacy Impact Assessments), as a key strategy in ensuring companies comply with the GDPR’s requirement to embed “privacy by design” as a default approach for all data handling.

The ODPC also notes that fines will be levied in case companies fail to notify the authorities of a data breach within the statutory limit of 72 hours.

Commenting on this particular question of fines, the ODPC makes clear the double risk : “It is worth noting that a failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself”.

the challenge - wizuda case studies

The board of a multinational medical device organisation required a secure, cloud-based solution which facilitated virtual board member collaboration on key documents in preparation for monthly board meetings.

The documentation was regularly of a highly commercially sensitive nature, largely relating to ongoing clinical trials, and as such demanded a secure and encrypted platform which could be implemented without the engagement of internal IT resources.

Key challenges that need to be  considered:

  • Geographically dispersed stakeholders
  • Highly commercially sensitive documentation
  • No internal IT involvement
  • Multiple stakeholders required to collaborate on
    single documents
the solution- wizuda case studies

Wizuda MFT gave them a centralised view of all their file transfer activities and a network overview of the data flows. IT now had instantly available reporting and could provide geographic maps and network overviews to senior management of all file transfer activities in the organisation. These could also be categorised in ways that made sense for the business from a priorities perspective. Wizuda’s unique ‘Health Check’ dashboard with automated monitoring and alerts, allowed them to manage all transfer operations proactively and ensured they were always on top of any issues.

From a GDPR compliance perspective, transfers could be linked to Data Protection Impact Assessments were required and data could be anonymised as part of the transfer process. Wizuda MFT enabled them to apply the latest security protocols for file transfers and encrypt data at rest and in transit. Passing cyber-security and GDPR compliance audits became a lot easier.

About Wizuda

Developing IT Solutions to Make Businesses Better

At Wizuda we focus on developing IT solutions which help businesses grow and empower people to collaborate and stay connected securely and compliantly. Specialists in secure data transfer since 2001, all development and support operations are carried out from our two Irish 

offices located in Dublin (Wizuda Headquarters) and Limerick. We pride ourselves in developing software solutions that allow organisations to take back control of their file transfer and data sharing operations, enabling them to operate efficiently, securely and compliantly

Quick Contact