Data Protection – What You Need To Do
18 May 2017
With only one year remaining before the new EU regulations on GDPR come into effect, the words whispered the most at the IBEC Employment Law Conference on the 11th of May were ‘Data’ and ‘Protection’.
John Keyes, the Assistant Commissioner in the Office of Data Protection, highlighted several key areas that will be of concern to many businesses. He urged consideration be given to what data is being kept and how it is stored and used – is it necessary or of value to your business, or could you overhaul what information you are holding on Employees, Customers, Clients, etc.? As HR/legal professionals, this is a key consideration going forward.
Most important, though, was the question ‘does your business need a Data Protection Officer…?’, which unfortunately appears the most difficult to answer. One guideline floated was that if your business has a headcount numbering over 250 then absolutely you should look to appoint a DPO. However, does this account for businesses with a fluctuating headcount, or who utilise contractors, sub-contractors, temporary and part-time staff? The list goes on...
In addition to this, there is the subject of data breaches. As well as the much-reported and headline-grabbing large, international computer hacking scandals, data breaches can also be simple and frequent occurrences: a letter or document mailed to the wrong recipient, a file misplaced or left in a public place, or sensitive material left on a shared printer or workstation. John Keyes explained that these are all ‘data breaches’ and fall under new guidelines giving you 72 hours in which to make a report to his office.
With new rules come new responsibilities and subsequently new consequences for not complying. Figures of €20m or 4% of the preceding year’s turnover were quoted as administrative fines – which is definitely grabbing everyone’s attention.
However, the real cost of non-compliance is more subjective… Trust. Can your business afford to lose the trust of customers, your clients, the people you do business with or your own employee base? With the removal of the administrative cost (€6.35) for an Access to Data request, the number of individual requests will almost certainly rise to unprecedented levels, meaning how you store, manage, process and utilise their data will be scrutinised more closely than ever before.
Do you need a Data Protection Officer? Can you afford to appoint one, or probably more importantly, can you afford not to appoint one? It is certainly a difficult decision and one that will take time to determine but, with May 2018 only one year away, another certainty is that now is the time to start that decision-making process. The Office of the DPC will assist with material in deciding this and Brightwater can help you in finding this important person for your business.
Brendan McCarron is the Assistant Manager of Brightwater’s HR division.