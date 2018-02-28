By Pádraig Hoare

The “penny has still not dropped” for many firms less than three months before the EU’s new data protection law comes into force, an expert has warned.

Data Protection Commissioner (DPC) Helen Dixon reported a 79% increase in complaints received in 2017 from the previous year -- a figure that will rise much higher once the General Data Protection Regulation (GDPR) becomes law in May, according to the chief executive of Cork-based IT security firm Smarttech.

Ronan Murphy said that despite high-profile entities like Manchester United publicly taking their GDPR requirements to protect citizens’ data seriously in recent days, it was still not fully resonating with Irish firms, many of whom had been complacent.

The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. It not only applies to organisations within the EU but also to firms that do business inside member states.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.

Manchester United used its advertising hoardings at Old Trafford during Sunday’s match against Chelsea to remind fans they needed to “opt-in” to continue receiving emails from the club.

Mr Murphy, whose firm is running the Zero Day Con cybersecurity conference in Dublin on march 7, said the message was “finally sinking in” for entities like Manchester United but that Irish SMEs were still largely unaware of their compliance requirements.

“Complaints to the DPC were up 79% last year, and will undoubtedly rise again because of GDPR. Yet the penny has still not dropped for many. Overall the law will be a good thing for citizens, but companies need to take their obligations seriously,” he said.

Ms Dixon’s annual report said total complaints received in 2017 was 2,642, compared with 1.479 in 2016.

Some 2,795 valid data security breaches were recorded in 2017, representing an increase of 26% on the number of breaches recorded in 2016.

Six entities were prosecuted for offences in respect of electronic marketing, covering 42 offences, according to Ms Dixon’s report.