It's fantastic to think about where Ireland is placed in terms of data. The data capital of Europe by all accounts. Head of Google in Ireland, Ronan Harris' comments make for exciting reading. The eyes of the world will be on our Data Protection Commissioner over the next 2 years as Europe gets to grips with the new Data Protection regulations. Thankfully the Commissioner is finally starting to get the necessary resources and has made it clear that one of her main priorities for 2016 is getting the right technical and legal skills in place in the Commissioner's office.
The Data Protection regulations are being referred to as a 'new dawn' for data protection but this is actually not quite the case. The regulations do provide for a privacy by design focus and an EU framework on enforcement but they do not fundamentally change the basic principles of data protection.
At the recent ICS Data Protection Conference many of us practitioners agreed that the regulations set out a framework for what we should have been doing anyway if we were actually data protection compliant. The underlying principles are simple really - what are you collecting, are you collecting too much, do you actually need it, does the person know what you are using it for, is it secure and how long do you need it for? These principles have not changed. The data protection wheel has not been reinvented.
The main change the regulations bring is in forcing organisations to really get to grips with their data protection obligations and stop pushing it to the bottom of the priority pile. Up to now, particularly in Ireland, data protection obligations were often met with the question 'do we have to do that? what's the worst that can happen if we don't?'. Well that question will now be answered - 'yes you do and the worst that can happen is a fine of up to €20m or 4% of annual turnover'. This is not to be sniffed at and finally gives us poor data protection officers and advisors a business case to justify why we are nitpicking about data protection compliance.
The regulations aim to place business focus firmly back on data protection and to give it the full attention it deserves in our risk assessment processes. Data protection will move from an afterthought to an essential business consideration. Good news for data protection officers! While we will still be the annoying people on the project we now have EU backing to force some real organisational change!
“I think Ireland is at a fantastic juncture and for a country that has no natural resources of any huge quantity, we find ourselves at the intersection point of the most important natural resources of the next decade if not longer. And that’s data. ‘There is a great opportunity for Ireland to capitalise on the fact that it is at the intersection of data for Europe and we can build on that and turn it into a strength.”