Irish businesses will be obliged to pay more attention to their data protection procedures in future in order to avoid facing huge EU fines in the event of a data breach. This was the message from Matheson Partner Anne-Marie Bohan, speaking at the legal firm’s annual Data Protection Day briefing today.
The General Data Protection Regulation (GDPR), which is expected to be approved by the EU parliament in the coming days, is aimed at developing a more coherent and uniform data protection regime across the EU Member States.
It will require Irish companies to ensure privacy is in-built into systems and products, and to report privacy breaches to authorities, or face sanctions of as much as 4% of global revenues.
“Misuse of customer data or data breach will be an expensive mistake for Irish businesses and given the findings of the Irish Computer Society that a third of Irish companies surveyed has experienced a data breach in the last 12 months, this is a serious issue for Irish business,” Ms Bohan said.
“The considerable risk associated with noncompliance means that Irish businesses - both indigenous and international companies operating in Ireland - need to have a better understanding of where the personal data in their organisations is stored, who has access to it and what it is used for, and how it is secured. Ultimate responsibility for data protection compliance will now rest firmly at management and board level,” she added.