Whether you are self-employed or run a business with lots of employees you need to know your obligations under new data protection regulations. That’s according to Fianna Fáil activist James Doyle who spoke with the Wicklow Times recently. And with penalties of up to €20m for non-compliance perhaps that’s advice worth paying attention to.
“To do business you need to hold information. Phone numbers, email addresses, delivery addresses, order preferences, bank accounts. The list goes on. To the extent that any information identifies a living person it is what’s typically known as “personal data”. The law isn’t saying to businesses ‘you can’t keep personal data, so give it back or get rid of it’. If it did that no employee could be paid a wage for example. No. What the law is saying is that you need to be careful with how you hold or use that data.”
Doyle, a qualified legal professional, makes the point that “Data protection laws have existed in Ireland for 30 years. Although being something of a game changer, the general data protection regulation (GDPR) is more or less the latest instalment in the data protection series. Sure, the rights and responsibilities around people’s data are being strengthened but businesses now have the opportunity to make themselves ready for the new regime by informing themselves and accommodating such changes before its’ roll out.” claims the Bray activist.
“Take for example the rules around ‘data access requests’. Today an individual who requests a copy of his or her personal data from their phone company or former employer can expect to receive it within 40 days. From 25th May onwards the timeframe shortens to 30 days.”
“Legal compliance starts with awareness. On personal data, I’m calling on local businesses to make themselves aware of what they must do to safeguard the personal data they control and process. The Data Commissioner’s website is a good starting point. The section dedicated to the General Data Protection Regulation (“GDPR”) sets out some questions for business people to ask themselves about the types of information they hold, on whom, for what purpose and with what security controls”.
The General Data Protection Regulation comes into effect on 25th May 2018. For more information regarding the General Data Protection Regulation visit www.dataprotection.ie.