It's amazing how the prospect of fines has really brought data protection compliance into sharp focus. It's very encouraging that we are receiving queries each week on how companies can get GDPR ready and it seems that Irish businesses are not dragging their heels when it comes to getting their data protection regime shipshape.
Brexit seems to be hampering efforts to get GDPR ready in the UK. A survey of thousands of IT professionals in the UK found that 80% of those surveyed said their company was vulnerable to attack. Yet more than 50% were unaware of GDPR requirements.
GDPR is not rocket science and to be honest most of its principles are concepts companies should already have in place. What is important is that companies start a compliance programme now to identify where they may have data protection gaps and what measures need to be implemented to fill those gaps.
My advice is to start simple. Look at the personal data you hold, why, and where it comes from. From that you can build out on other items such as the basis on which it can be processed, how long it is retained for and the security that needs to be applied to it. As part of this process you should look at supplier and third party contracts and put a data retention schedule in place. A data access request process and a breach notification procedure will also take you far in terms of compliance. There are 18 months to do this and a lot can be achieved by simply getting started.
Happy privacy day!
If you need advice on data protection and GDPR compliance please contact a member of our Employment Law & Data Protection Team:
Disclaimer: This article is for guidance purposes only. It does not constitute legal or professional advice. No liability is accepted by Leman Solicitors for any action taken or not taken in reliance on the information set out in this publication. Professional or legal advice should be obtained before taking or refraining from any action as a result of the contents of this publication. Any and all information is subject to change.
In Ireland, things look a bit better. In a recent survey of 200 IT professionals, 80pc were in companies that have already appointed a data protection officer. The vast majority of these come from IT backgrounds, though, which could prove troublesome. But on a grander scale, GDPR adoption seems a confused mess. SAP, the German software giant, recently raised its own concerns on the incoming regulations, claiming that the penalties were too high, “especially for just a single violation”.