With the General Data Protection Regulation (GDPR) coming into effect from May 2018, it’s time to ask: is your company truly GDPR ready? By simply looking at online job boards, we can clearly see a number of large multi-national organisations increasing their recruitment efforts within Data Protection, Data Management/Governance and Compliance as well as IT Security, Database Development, IT Risk and Audit. However, many SMEs are yet to take the plunge.

THE GDPR & SMEs

Many companies across Ireland and the UK are yet to realise that the new data protection laws, specifically the General Data Protection Regulation (GDPR), are applicable to all organisations regardless of their size. As the GDPR is designed to increase and protect the rights of consumers, companies need to be asking themselves if they are compliant or risk facing penalties up to €20,000,000 or 4% of the gross annual turnover. Even though SMEs will be subject to the same main elements of the legislation as larger organisations, there are some exemptions as well as some benefits for smaller businesses.

Benefits for SMEs

It would be fair to say that some people see the GDPR as more “Red Tape” coming in from the EU; however, the new regulations will offer a significant boost to SME exporters within Ireland. In short, the GDPR will mean that instead of having to ensure you are compliant with 28 different laws in relation to data protection, there will now be one universal rule that applies to all states within the EU. Some states may opt to have stricter restrictions but in essence all legislation will be the same. This therefore means that smaller companies who are planning on exporting to multiple states within the EU may see a reduction in their costs as well as less red tape, as the process will now be standardised.
It also means that companies as well as consumers have the added reassurance that the data they have supplied to companies operating within the EU will be handled in the same manner as it would be if the company was operating solely within Ireland.

Exemptions for SMEs

As mentioned above, under the new GDPR outlined by the European Commission, there will also be a few exemptions given to SMEs.

Unless the core activities of the company involve processing special categories of personal data (racial, ethnic, religious beliefs etc.) or they are processing large quantities of data, the company will not be required to appoint a full-time data protection officer.

Unless the SME is processing data regularly or at risk of breaching the rights and freedoms of the data subject, they will not be required to keep records of how they process data.

If the data breach is considered “minor” and does not represent a high risk for the rights and freedoms of the data subject, SMEs will not be obligated to report the breach. If, however, the breach is considered to have a major impact on the data subject, they will be required to report the breach to all affected individuals.

To conclude, the GDPR brings some welcome changes in how private information is handled. However, to ensure that companies avoid what could potentially be costly mistakes, the European Commission is urging all businesses, regardless of size, to ensure that they are ready and fully compliant for the implementation of the regulation that will take place on May 25th 2018.

Claire Kelly is a Recruitment Consultant with the IT team in Dublin. Email: ckelly@sigmar.ie | Tel: +353 1 4744637
Over the last 9-12 months, GDPR (General Data Protection Regulation) has been the acronym on everyone’s minds. The new legislation, which comes into effect in May 2018, has caused a stir in the business world, with serious potential repercussions hanging over people’s heads. As can often be the case with new legislation, an element of fear currently rules the land. This is certainly understandable, as €20,000,000 or 4% of your global annual turnover is a seismic fine and one which can truly damage your business both financially and reputationally.

This is where having the right people and the right structures in place will be critical. Staffing and recruiting will play a crucial role in GDPR as Data Protection Officers and Privacy & Data Specialists come into huge demand. Where GDPR has instilled fear in people and businesses alike, it will be crucial for those tasked with understanding the new regulations to communicate the right information to their colleagues. Information is key, and making sure that all employees in a business understand their role in the company and how they potentially affect GDPR legislation is imperative. All steps to Information Security will have to be adhered to, and achieving buy-in from your staff will be critical in keeping any sensitive information airtight.

The key thing to take from this new legislation is that this is a standard your business must keep permanently. There is no step-by-step process after which you are compliant with GDPR regulation and your work is done. This is a day in, day out security level which all businesses must meet 24/7. This means that DPOs and members of the data protection team will be tasked with creating clear and efficient structures for a business to run efficiently while remaining compliant with GDPR. Collaboration with the InfoSec team will be essential in order to be up to date with any potential threats or, in a worst-case scenario, to report a breach.
Hiring the right people in any position is a huge responsibility, but in the case of GDPR-specific roles, the right staff can be half the battle. Ensuring that information is presented to a business calmly and clearly and that a simple and effective roadmap is in place will allow a business to meet its new legislative requirements. While the punishments in place for failure to comply with this legislation can stir up fear and paranoia, companies who invest in the right people and get organised early in the game will find themselves in very good stead to be GDPR ready.

Conor McHugh is a Recruitment Consultant with the IT team in Dublin. Email: cmchugh@sigmar.ie | Tel: +353 1 4744622