The Future of Data Protection in 2019
At PixAlert we have been involved in the safe management of sensitive data and GDPR since the company began trading in 1999. Although we are no strangers the complexities involved in maintaining data in line with auditory requirements, on the back of 2018’s GDPR introduction, 2019 will be the year that organisations are likely to see strict enforcement of the legislation.
In Ireland there has been a certain amount of dismissiveness surrounding GDPR mainly due to the fact that we are yet to see our first GDPR fine issued. However It would be unwise to get too comfortable. Towards the end of 2018 we started to see a number of organisations scattered throughout Europe receiving the first financial penalties due to incorrect management of data.
In Germany a social media company received a €20,000 fine from hackers gaining access to un-encrypted email addresses and passwords of over 300,000 users, a direct breach of ART. 32 (I) (A) GDPR. This was the first fine placed in Germany and has set a precedent that should act as a timely warning to Irish businesses about the dangers of lacklustre handling of critical data.
Data Subject Access Requests
We are going to see a continue in growth of Data Subject Access Requests (DSARs) which grew 56% since GDPR regulation enforcement began on the 25th May 2018. Not only will Irish organisations need to be cognizant of the regulators but they will also need aware of the rights of the general public under GDPR and the increased likelihood of their asking for access to information.
This growth in requests for data may mean that organisations will not only need to consider the ways in which they store information, but also the volumes of information that they retain.
Brexit & the need for Adequacy
The ability to have free flow of data between continents and international boarders Is a growing concern for business not just in Ireland but all over the globe. The categorisation of countries as being “Adequate” is extremely important as it means that data protection laws in these locations are deemed to be of the same standard as the of European law.
An important element of a Brexit deal is that the UK strikes a deal to for “Adequacy”. This would be fundamental in the ability of information to flow between Ireland and the UK and to reduce any data transfer issues that may happen after Britain exits the EU.
Continuing Evolution of Technology
Technology is evolving at such a pace that the ability of organisations and legal practices to stay ahead of the rapidly changing environment is become more and more challenging.
There is a need for organisations to develop legalities and practises for new technologies such as AI, Blockchain etc. using in many cases very outdated legislation.
EU ePrivacy Regulation
The methods that organisations use to collect, and store non-personal data also need to be monitored and adjusted where required and adapt in time implementation of the legislation. The manner and ways which organisations request consent needs to be monitored and may cause issues with how they conduct marketing in the future.