On 25 May 2018, the General Data Protection Regulation (GDPR) came into effect, revolutionising the way that personal data is used and handled.
Representing the largest and most important change to data protection in 20 years, the new EU regulation has fundamentally altered the data landscape in Ireland.
Any organisation that breaches the rules of GDPR faces financial sanctions, reputational damage and public scrutiny over data protection short-falls.
There are challenges ahead for all business units from marketing, to sales, to IT. But there are also opportunities to change your approach to privacy, refresh your systems and ensure they are fit for today’s digital economy.
Ensuring GDPR compliance requires multi-disciplinary skill sets. Our experts can help with the challenges and opportunities ahead.
|July 2009||European Commission (“EC”) launched a consultation regarding challenges for personal data protection, in light of new technologies and globalisation.|
|November 2010||EC issued a Communication to the European Parliament and the Council setting out its approach to revising the legal framework for protecting personal data.|
|March 2011||The Council of the European Union (“CEU”) published its conclusions on the Commission’s approach.|
|January 2012||EC set out its proposals to reform data protection throughout Europe and publishes a draft revised Data Protection Regulation.|
|October to November 2012
||European Parliament (“EP”) led an inter-parliamentary hearing with national parliaments.|
|Autumn 2013||Informal negotiations between EP and CEU as to the drafting of regulation. Separately the European Parliament Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) voted on a compromise text.|
|March 2014||EP held a plenary vote in first reading of the draft Regulation and adopted the LIBE compromise text.|
|May 2014 to June 2015||CEU reached agreement on the general approach of the draft Regulation.|
|June 2015 to December 2015||EC, EP and CEU met to agree the wording of the Regulation in a series of meetings known as trilogue negotiations.|
|December 2015||EC, EP and CEU agreed and finalised the wording of the Regulation.|
|16 May 2017||The Irish Department of Justice and Equality published the General Scheme of the Data Protection Bill 2017, which sets out to ensure Ireland’s compliance with the GDPR.|
|25 May 2018||The Regulation applies to all EU Member States.|
“While imposing higher data protection obligations on business, it should also result in benefits by increasing consumer trust and confidence in new technologies and business models which should in turn facilitate business in reaping the full potential of the digital economy.”
GDPR isn’t just about meeting compliance standards. It’s an opportunity to make customers’ and employees’ data protection rights a key priority. Your organisation has an opportunity to demonstrate the adoption of the GDPR principles within its core values, placing the individual and their right to data protection as a key business objective.
GDPR also brings opportunities to Ireland for international businesses. There are significant efficiencies for multinational companies having their key data management functions located here. If a company makes its data strategy decisions in one EU member state, it is only obliged to report to that Data Protection Commissioner. In a post-Brexit world, it will be appealing to multinationals to negotiate with one Data Protection Commissioner in the only English speaking EU member state, rather than dealing with different jurisdictions with obvious language complexities.