Business needs to be aware of GDPR
NOT preparing for the introduction of new EU data protection regulations would be like “going out in Storm Emma dressed in just Speedos and hoping you won’t get cold”.
That was the stark message from Cathal de Baróid, assistant head of enterprise at the Local Enterprise Office (LEO), in his presentation to the Mallow Chamber breakfast briefing last Friday morning.
Mr de Baróid said that while the issue of data protection is not new, the General Data Protection Regulations (GDPR), which will come into force on May 25, will standardise procedures across the EU.
He said that while some people were addressing how GDPR will impact on their businesses, as evidenced by the take-up in a workshop on the issue recently conducted by the LEO, many were still unaware of its implications.
“We knew Storm Emma and the Beast From the East were coming and there was nothing we could do about it. But we could go out and buy 10 sliced pans and 20 litres of milk – and we did,” said Mr Baróid.
“This is far bigger, but people are not prepared. Not being prepared for GDPR would be the equivalent of going out in Storm Emma dressed in Speedos, locking the door behind you and hoping you won’t get cold.
“It’s not going to happen,” he warned.
He said that while much had been made of the fact that fines of up to €20million or 4 per cent of annual turnover could be imposed by the Data Commissioner for breaches of GDPR, the reality was that this related to ‘data warehouses’ such as Google and Facebook.
He said the fact that data and privacy would now be looked on as “currency” was of far more importance to smaller businesses.
“Up to now if I had a data breach in my company and released information that impinged on your privacy, you would have to prove a financial loss before you could take me to court. Under GDPR my client would not have to prove this loss and could take a case against me. I think that’s more relevant that this €20million or 4 per cent of your annual turnover.”
He pointed out that anyone who submitted their data had the right to know why it was being collected, for how long it will be kept, and that it would be “respected and guarded.”
With this in mind, he said it was important that all businesses took the necessary steps to ensure they are compliant with GDPR. These included data audits and amending privacy policies in websites to reflect the new regulations.
“You will also need a privacy retention policy. You will need solid reasons to keep data. While in the past it may have been a case of ‘we might need this in the future’, that will no longer be enough. Written procedures will be important to say that all the necessary steps have been taken if things go wrong.”
Mr de Baróid advised people to visit www.gdprandyou. ie for more information about the new regulations.
He also recommended that people attend GDPR training, with both the LEO and Mallow Chamber saying they would be looking at hosting workshops depending on demand.
Anyone interested in attending a workshop can contact the LEO on 022 43235 or Mallow Chamber on 022 55660.
“Attending a course, learning what you need to do and implementing that is important. I’m not here to frighten anyone. It’s one of those things that once you are prepared for, you will get by,” said Mr de Baróid.
“But if there is a data breach and the data commissioner comes to you and asks what preparation you made, you do not want to be the one saying none,” he concluded.