Majority of Irish businesses unsure of data protection landscape
More than three-quarters (76%) of Irish businesses have experienced growing uncertainty across the data protection spectrum over the last 12 months with no signs of this abating according to a new survey from the Association of Compliance Officers Ireland (ACOI).
Released ahead of World Data Protection Day (28 January) The survey of more than 250 organisations throughout the country – answered by ACOI members with responsibility for compliance in financial and other organisations, sought to assess views surrounding Ireland’s data protection landscape for 2021.
Respondents cited uncertainty as a result of Brexit (32%); an increase in remote working (26%); and the impact of the Schrems II ruling (23%) as the primary drivers behind heightened threats to data protection and mounting challenges for organisations in ensuring compliance.
Speaking about the findings, Michael Kavanagh, CEO of the ACOI, said: “These are turbulent times in the world of data protection and there is no doubt that businesses and other organisations throughout Ireland are struggling with a myriad of issues. It is perhaps unsurprising that Brexit is the forerunner in terms of what people see as the reason behind the growing uncertainty in DP, but what’s arguably more insightful is that more than a quarter of respondents said the growing prevalence of remote working is causing major issues and a similar number feel that the implications of the Schrems II ruling is adding to the ambiguity”.
The ACOI have set out key data protection areas for concern and action that they believe should be on the agenda of business entities throughout the country if they want to successfully navigate their way through 2021:
On the continued impact of the The Schrems II ruling as it relates to the international transfer of data of EU citizens Kavanagh explained: “Businesses will be watching closely to see the final outcome with regard to the European Commission’s recent public consultation on a draft revised set of standard contractual clauses (SCCs). SCCs are widely used by both SMEs and multinational firms to facilitate international transfers of data. Similarly, in our experience, industry views the proposed supplementary measures proposed by the European Data Protection Board (EDPB) as too onerous and unworkable.”
According to the ACOI, more clarity and consistency on implementation of fines would be hugely beneficial to companies of all sizes across all industries, to enable these organisations and their boards to adequately assess the risk and impact of potential fines and take appropriate action.
“Businesses should continue to focus firstly on the basics. Having clear policies in place and developing a robust data protection culture throughout the whole organisation. Human error is often a key factor in data breaches, so ensuring that new and existing staff receive regular training on privacy best practice is key,” said Kavanagh.
The ACOI survey also revealed that, of the smaller cohort of survey respondents who believe the landscape is actually less uncertain that it was a year ago (24%) the increased clarity on Brexit (31%) and DPC Requirements and penalties (29%) and improved staff training were seen as the main reason for this.
On Thursday 28 January, World Data Protection Day, the ACOI and IOB will host a free webinar with Garrett O’Neill, assistant commissioner of the Irish Data Protection Commission and Denis Kelleher, Bloomsbury Professional, author of “Privacy and Data Protection Law in Ireland” and lecturer on the ACOI/IOB Professional Certificate in Data Protection.