Watch out for crumbling cookies
Your business’s compliance journey is an essential component of your operations. Ignoring it could mean paying big penalties. The issuing of fines has begun!
The Data Protection Commission
The Data Protection Commission (DPC) upholds and ensures the protection of personal data across Ireland, and its powers similarly extend into the European Union (EU). While the DPC is tasked with ensuring GDPR compliance, it also ensures compliance with the Irish ePrivacy regulations and the EU Directive related to Law Enforcement. GDPR and ePrivacy compliance are essential business processes, and falling foul of the regulations can now lead to fines, penalties, or other consequences for your business.
The first GDPR fine
In May 2020, the Irish DPC issued its very first GDPR fine, bringing home to all of us that compliance is no longer just a concept. Penalties, fines, and other potential consequences for companies are now a reality, and it is essential to ensure your business has begun its compliance journey. It should be noted that the Irish DPC’s first fine was issued in relation to three data breaches, related to the unauthorised disclosure of personal information.
The matter of consent
At the crux of compliance lies the matter of consent. As we’ve outlined before, obtaining consent is not as simple as a Yes/No tickbox:
“Obtaining your customers’ and suppliers’ consent to collect, store, and use their information is an important part of your GDPR compliance procedures. But, the way you obtain that information, and how you communicate with your customers and suppliers around why you need particular sets of information, is just as important. To clear up any confusion, obtaining the consent of your customers, suppliers, and data subjects is not as simple as asking a yes/no question. Rather, obtaining explicit consent is a far more complex procedure, but one that must be followed. Explicit consent is required when your business needs to obtain special category data for its data subjects. This could include medical records or other specified types of information.”
The complexities of compliance
Ensuring your business is compliant with the GDPR regulations and the ePrivacy regulations is important, but it need not be as complex as you think. A compliance audit gives your business a starting point for your compliance journey, without inflicting too much pain. You can’t begin your compliance journey without knowing where your business stands. Your starting point enables you to optimise your business, streamline your processes, and avoid those nasty penalties.
Cookies and consent
Philipa is the lead consultant and auditor at ProPrivacy. With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide. Philipa’s passion is manageable data compliance for SMEs.
Philipa is a qualified teacher and also holds qualifications in computer science (Bachelor of Science in Artificial Intelligence Programming) and in electronic and intellectual property law (LLB). She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.
Philipa has over twenty years of experience working in organisations of different sizes and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person who enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today, but privacy is paramount. Responsibly developed AI excites Philipa for the future.