New data law means ‘ongoing’ work
Businesses and organisations must realise compliance with the General Data Protection Regulation (GDPR) is ongoing and must be factored into business models, an IT expert has warned.
Donal Cahalane of Cork-based Republic of Work said he feared some firms and bodies could be naive enough to think their obligations towards data protection was no longer something to worry about once yesterday’s implementation deadline had passed.
The GDPR was ratified in 2016 following four years of negotiation, replacing the existing directive on data protection. Unlike an EU directive, which can be implemented over a certain time, the regulation was made law once it began yesterday, meaning penalties can be imposed from the beginning.
The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.
It not only applies to organisations within the EU but also to firms that do business inside member states.
If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.
Mr Cahalane said: “Everyone has been obsessed with sorting out what needed to be done to meet yesterday’s deadline, and some think that is that. However, business processes now have to be designed with data protection in mind.
“Whether you are a one-person barbershop or a multinational, you have the same requirement. There is going to have to be a big change in the behaviour of business.”
Some small businesses reported how they lost up to 90% of their mailing list in the run-up to GDPR with users not opting in to continued communication.
Mr Cahalane said it was “likely that a big household name” would come under scrutiny in the near future in order for data protection chiefs to show they were serious about GDPR.
The GDPR does not only apply to companies and organisations within the EU, but also to those who do business or have customers in the bloc.
A number of popular websites were unavailable to EU users as soon as the GDPR was implemented, including US newspapers and television channel websites.
The Los Angeles Times, Chicago Tribune, Baltimore Sun and The New York Daily News were unavailable to visitors within the bloc, while websites belonging to the History Channel and the Lifetime Channel were also unavailable to EU users.
