Plea to startup firms on data law

Mr Breen said: “There is a range of information available to assist local enterprise offices companies in complying with their General Data Protection Regulation obligations. As a first step, I would encourage them to visit General Data Protection Regulation andyou.ie which is an excellent source of guidance provided by the Office of the Data Protection Commissioner.”

He said dealing with the regulation’s requirements had to be a priority for small firms. “Don’t leave it until the last minute, now is the time to think about data protection measures,” he said.

The warning comes as more firms specialising in data protection step up their events around the country.

London-headquartered Gemserv said it was hosting a breakfast event on General Data Protection Regulation in Dublin on February 22 because its research had found “companies are either not fully prepared or not aware of General Data Protection Regulation and what it means to them”.

A spokesman for the company said: “While General Data Protection Regulation may seem daunting, and the focus seems to be on the fines, it is actually of a huge benefit for businesses as they have an opportunity to improve their customer service and build on the trust that can be gained with complying to General Data Protection Regulation.”

The regulation was ratified after four years of negotiation, replacing the existing directive on data protection. Unlike an EU directive, which can be implemented over a certain time, the regulation is made law once it begins in May 2018, meaning penalties can be imposed from day one.

The regulation is designed to harmonise data privacy laws in Europe and to protect citizens’ data privacy. It not only applies to organisations in the EU but also to firms that do business in member states.

The regulation also makes it easier for individuals to bring private claims against data controllers.

If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.