The Irish DPC (Data Protection Commissioner) Helen Dixon has described GDPR as “a game-changer” for Irish businesses, at a recent conference in Dublin, Ireland (17th and 18th November 2016, PDP).
Reviewing the ways in which GDPR impacts daily operations for Irish businesses, Commissioner Dixon commented that “the necessary processes to maintain data integrity were vital for avoiding data breaches”, which bring the risk of fines of up to €20m or 4% of global turnover.
Commenting that “the basics were still tripping many organisations up”, Commissioner Dixon went on to highlight a number of business sectors which are causing her office particular concern. These included the direct marketing sector, technology startups, and also public organisations where she stressed the need for processing to be modernised, noting that “the new bar for consent is unlikely to be met by public sector bodies”.
Above all, Irish businesses needed to “prepare for the new accountability regime”, since under GDPR the ability to demonstrate compliance clearly – and prove it – was itself as important as the correct procedures. “Consider whether current safeguards and bases for processing comply”, she commented, “and whether you will be capable of notifying breaches within 72 hours”.