You’d be amazed how much personal information you give away on a daily basis.
As consumers we often sleepwalk into sharing our data, via social media, through our internet browsing and in signing up to offers, loyalty cards and direct marketing. That data is worth a lot of money to a lot of businesses. But are they processing it legally?
“We are living in a new age for digital data,” says Hilary Treacy of Barbican Data Protection Services, based in Portlaoise. “We now use our personal data socially through posting photographs or checking into locations. This data is tracked and sold to advertisers who use it to target us as individuals. It is also sadly used by cyberbullies.
“Our employers, our banks, our shops, our solicitors, accountants, our GAA club, our Facebook, WhatsApp, Instagram etc will all be expected to be compliant with the new General Data Protection Regulation (GDPR).
“As EU citizens, 12 months from now the legal requirement for how our personal data is managed and processed will have changed forever.
“We are lucky to have our right to privacy recognised as a fundamental human right. The GDPR aims to protect us from ourselves, through imposing obligations on those with whom we share the data and upholding that right to privacy.” Hilary Treacy worked as an in-house solicitor previously advising large companies on their data protection obligations.
Right now we are half-way through a two-year grace period granted by the EU for these organisations to get their personal data processes compliant with EU law, or else face the consequences. By the end of May next year, the Data Protection Commissioner (based in Portarlington) will have the power to enforce the GDPR.
“This is a very serious issue,” adds Hilary. “Any organisation who didn’t use that grace period to meet compliance may face fines of up to 4% of turnover. There could also be claims for compensation from their customers or employees, and possibly most damaging of all, a loss of goodwill and damage to their reputation. Some businesses may struggle to survive, especially if their customer base loses trust in them.
“Most breaches of Data Protection are down to employee negligence. Someone sending something to a wrong address or forgetting about hidden columns in a spreadsheet which contain someone’s personal data. It’s often down to working too fast or being under pressure but it can have serious consequences. It only takes one person to inadvertently cause a data breach.
“The Data Commissioner already has the power to prosecute organisations and their directors personally if they are found to have consented to or been aware of what led to the breach.”
If you are in business, or if you are a concerned citizen who wants to know more about your rights, you can find out more about the GDPR at an event in Portlaoise next week. Hilary Treacy is running a three-hour half-day seminar in the Midlands Park Hotel Portlaoise on Thursday, May 25.
Hilary runs in-house seminars for businesses around the country but this is her first time to do it in this format and it offers businesses and individuals the opportunities to inform themselves fully of this issue.