Irish companies have been warned that they face major financial penalties unless they take action now to shore up data protection.
Business leaders at a briefing in Cork today will hear from cybersecurity expert Pat Moran of PwC on how they must protect their customers and suppliers from security breaches and get ready for the EU General Data Protection Regulation (GDPR), which comes into effect in May 2018.
Mr Moran said firms have to concentrate on three key areas of cybersecurity.
“The first is how to address keeping bad guys out from a defence perspective,” he said.
“Then there is the governance issue, such as putting in a proper system that needs to really be owned by an organisation.
“It will only be effective if ownership is taken from the boardroom all the way down to the likes of HR and marketing. However, what seems to be somewhat under the radar is the importance of the GDPR.”
The regulation was ratified following four years of negotiation, replacing the existing data protection directive.
Unlike an EU directive, which can be implemented over a certain time, the regulation becomes law as soon as it takes effect in May 2018, meaning penalties can be imposed from day one.
The regulation is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy.
It applies not only to organisations within the EU but also to firms that do business inside member states.
If companies fail to comply with the regulation, they can be fined up to 4% of annual global turnover, or €20m.
Mr Moran said: “Organisations have one year to get ready. The document has 90 different principles. They need to drive it as a priority within now. The risks are huge if they fall foul of the regulation.”
He said that Ireland’s data protection commissioner is beefing up staff in anticipation of the regulation.
“This is significant,” said Mr Moran.
“It is a big deal for world-leading tech companies and pharma companies, many of whom are in Cork.
“Because many organisations have made Ireland their corporate headquarters, that means Ireland could become the ground on which many of the breach cases are taken.”
From Irish Examiner (25/4/2017)