- Thursday 12 April 2018
Adrienne Harrington is CEO of the Ludgate Hub, Ireland's first rural digital hub, a resource providing 1GB of digital connectivity and shared co-working spaces to the West Cork Town of Skibbereen. Previously she worked as Head of Data Protection Policy at the Department of the Taoiseach and has kindly shared some background to the origins of GDPR.
Data plays an increasingly important in the world in which we live. Technology has infiltrated almost every aspect of our lives - at work, at home and in our social life. In this digital age, there is unprecedented volume of personal data being created both by us and about us every day, along with an increase in the ease of access to this data and unfortunately, incidents of wrongful use.
As things stand, our current legislation dates from 1998 and 2003, and predates, for example, many of today’s most popular social media platforms. This legislation is clearly no longer fit for purpose and needs to be updated to take account of the challenges of today’s connected world. Technology is developing at such a speed that the law needs to catch up. Who in 2003 would have imagined the impact social media would have on the world? Or the way we would share information about ourselves and others? Or indeed that many of the documents we use in work are stored in the cloud?The great benefits that digitisation brings need to be enhanced by safety and security measures underwritten into legislation. The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018, with the Irish government bringing in a new and updated Data Protection Act to allow this to happen.
At a European level, there has been a significantly increased emphasis at the Court of Justice of the European Union on both Privacy and Data Protection as human rights, with a number of high profile cases in recent years cementing these rights. The European Charter of Fundamental Rights provides EU citizens with the right to the protection of their personal data. GDPR puts the rights of the data subject at its core, with the onus on organisations to demonstrate that they are compliant with the new Regulation, which will be a daunting task for many of them.
GDPR is also important because of the increasingly transnational nature of data; data knows no boundaries. GDPR has extraterritorial reach so regardless of where a company is based, it needs to ensure that it complies with the new Regulation if it offers goods or services into any EU member state. In addition, the Regulation will provide for a more uniform interpretation and application of data protection standards across the EU. A single set of rules will apply across all EU member states, thus providing a level playing field for those doing business in the EU digital market.
To sum it up, GDPR will protect the citizens of the EU by safeguarding the privacy of their data. Organisations will face fines of €20m or 4% of their annual turnover if they are found to be in breach of the law, but more importantly I think, breaches will impact on the levels of trust between organisations and their customers. We live in a time when trust in how organisations use our personal data is at a premium, and organisations that breach this trust will increasingly find themselves at a commercial disadvantage.