GDPR: Greater control over use of our online personal data is on the way
Technology has utterly transformed how we go about our daily lives. Fifty years ago, the presence of a telephone in a family home was considered a luxury.
Back then, it would have been unimaginable that, one day, we would all carry in our pockets a device that allowed us to make video calls to anywhere in the world, instantly send a letter, do our shopping, manage our banking affairs and interact effortlessly with people from across the globe.
While we may not always think about it, the personal information we provide online helps companies and organisations to identify our habits, needs and wants.
Ireland's Data Sec 2018/GDPR conference takes place on Monday April 9 at the RDS, click here to buy tickets
As consumers, it is vital that we can have confidence that this personal data is used safely and responsibly.
If you were unsettled by recent reports about the alleged misuse of personal data to influence the outcome of international political events, you won’t have been alone. We all need to be aware of the value of the information we provide online, how it can be used, and by whom.
In just 50 days’ time, on May 25, the General Data Protection Regulation (GDPR) will come into force in all EU member states, including Ireland.
The GDPR will give each of us greater control over the use of our personal data.
For example, it will give us the right to obtain details of how our data is being processed, the right to obtain copies of data held, the right to have it corrected, and the right to have that data erased where there is no legitimate reason for its retention, effectively a right ‘to be forgotten’.
GDPR will also mean that, for the first time, individuals may seek compensation through the courts if they suffer damages arising from breaches of their data privacy rights.
To ensure these rights are upheld, organisations will have to abide by strict standards. They will be required to tell people, in clear language, why and how their data is being used. Companies and organisations will also have to take steps to reduce the risk of a data breach. Failure to do so may expose them to substantial fines – of up to €20m or 4pc of global turnover – or to restrictions in their capacity to process data in future.
We know GDPR brings changes and challenges for organisations and businesses, both big and small, but it is not something to fear.
On the contrary, a business which can show it is complying with GDPR will have a competitive edge, and the more accurate levels of data processing required by the GDPR may also inform better business decision-making.
While enhanced privacy rights are essential, a strong and independent regulator is fundamental to ensuring that any alleged breaches of our rights can be investigated and adjudicated on.
Our Data Protection Commissioner, Helen Dixon, has an excellent track record in this regard and has earned the trust of the public and of enterprises, large and small, that operate in Ireland.
The job of the Data Protection Commissioner’s office is growing, and we are beefing up its staff and resourcing to reflect that.
Since 2014, the office has seen a six-fold increase in its budget and it has a dedicated team in place to regulate the big multinational tech firms which are based here in Ireland.
So with 50 days to go to GDPR, it is time for everyone to be aware of your rights and obligations. As a first stop, the Data Protection Commissioner’s dedicated website – www.gdprandyou.ie – offers excellent and impartial guidance and advice.
GDPR is coming – be aware and be prepared.
Pat Breen is Minister of State with special responsibility for trade, employment, business, EU digital single market and data protection
Dublin Data Sec 2018 is an Independent News & Media event, please visit independent.ie/datasec2018 for further information and ticket details