That was the take home message from the Irish Data Protection Commissioner Helen Dixon at the Dublin Data Sec 2017 which was held at the RDS in Dublin today. The event was held to debate the impact of the forthcoming European Union’s General Data Protections Regulations in May 2018. This will bring about significant changes in how organizations across Europe and beyond will have to store and protect data as well as seeing large fines being levied for those that do not comply with the legislation.
In her keynote speech, she said that people in the Irish Republic were already taking more security measures to protect themselves online thanks to an increased education on the data risks posed from being hacked.
“For many people, picking a password involved picking one that was easy to remember and therefore easily-guessable and the ultimate solution in many cases was to stick a post-it with the username and password on a PC monitor. But now we’ve developed more sophistication and more consciousness of data protection.
“We’ve all started to understand the personal responsibility we have to take for information we put in the public domain and the potential consequences it can have for us later on.”
However the focus will now be on how people’s personal data is stored by organisations thanks to the European Union’s General Data Protection Regulations that will come into force in May 2018.
“The GDPR is a game-changing piece of regulation and cannot be ignored. To do nothing ahead of May 2018 is not an option, because there will be consequences to pay and the consequences will be very significant for any organisation, whether they are public or private.”
Ms Dixon said that the GDPR will herald more accountability and enforcement of data breaches, and that many practices that were common in the past will now be illegal. One such occurrence was how staff in government departments would look up the details of people they knew out “out of curiosity”. This practice also went on in some large private companies too.
“Think about how common it was for staff in some government departments to look up details of their neighbours out of curiosity based on databases to which they’d access. Or to look up for example national lottery winners and look up to see what their address was or their social welfare profile was, and it happened with private sector companies too, like insurance companies with large databases.”
Such data breaches could be treated very harshly under the new GDPR.
As well as Helen Dixon, there were a number of high profile speakers and guests at the event including:
- Adrian Weckler, the Technology Editor at Independent News and Media
- Joseph Carson, Cyber Security Strategist
- Pauline Walley, Criminal and Internet Counsel
- Emerald de Leeuw, Chief Executive Officer of Euro Comply GDPR Software
- Jonathan Armstrong, Compliance and Technology Lawyer
- Ronan Davy, Senior International Counsel, Etsy
- Fred Logue, Information Law Specialist
- Tomi Mikkonen, Data Protection Specialist
- Mark Adair, Lawyer @ Mason, Hayes & Curran
- Stephen Laffan, Workday Global Privacy Program Manager
- Lorcan McLoughlin, Privacy Officer @ Rabobank
- Daragh O’Brien, Founder of Castlebridge