What is Data Protection?
It is a set of rules governing the privacy and security of personal data laid down by the European Commission.
Any piece of information that can be used to identify an individual, is considered data. Therefore, data […]
Data Subject Access Requests (DSARs)
GDPR Compliance: How to manage your Data Protection during Covid-19?
Governments, as well as public, private, and voluntary organisations, are taking […]
General Data Protection Regulation [GDPR]
Binding Corporate Rules (BCRs)- a set of binding rules put in place to allow multinational companies and organisations to transfer personal data that they control […]
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and […]
Data controllers who are found guilty of offences under the Acts can be fined up to €100,000 on conviction and may be ordered to delete all or part of their database.
The Data Protection Commissioner publishes a report annually naming, in certain cases, data controllers who were investigated by his office.
Civil sanctions may result where a person suffers any damage as a consequence of failures on the part of a data controller to meet his/her obligations.
In November 2013 it was discovered that the personal information of more than 1,500,000 people was compromised by a major security breach at a Co. Clare based company. In an RTE Morning Ireland interview at the time, Mr. Hawkes admitted that “cyber-criminals have become extremely sophisticated and it can be quite difficult to actually identify that your system has been perpetrated.” This was one of the worst data breaches in Irish history.
The Society for Chartered IT Professionals in Ireland, known as the Irish Computer Society (ICS), carried out a recent survey on data protection in Ireland and the results, which were published in January 2014, were astonishing.
256 Irish based companies were surveyed and a record number of data breaches were reported to have occurred in 2013. Findings revealed that one in two of the surveyed companies experienced a data breach during the last 12 months. In fact, more than 20% of the companies contacted by the ICS reported multiple breaches. These statistics mark a significant increase on last year’s figures when 43% of companies examined reported a breach.
According to the results, one third of employees are not fully aware of data protection issues and many receive insufficient data protection training or, alarmingly, no relevant training whatsoever.
Several IT managers admitted that data protection policies are not implemented at all in their company or they are only partially adhered to. The survey has highlighted the need for companies to manage their data processing environment much more carefully and provide additional training for their IT administrators and all employees who have contact with personal information pertaining to employees/clients. According to the ICS survey, negligence on the part of employees accounted for 77% of the reported incidents. Hackers seeking to obtain data and unencrypted laptops were also cited as major threats.
According to Fintan Swanton, Chairman of the Association of Data Protection Officers, “Clear policies and procedures are vital, with regular refresher training and timely reviews to ensure that staff are complying with the structures.”
It is important for employers to be aware that new data protection legislation will require most organisations to appoint a Data Protection Officer.
