Watch out for crumbling cookies

Your business’ compliance journey is an essential component of your operations. Ignoring it could mean big penalties to be paid. The issuing of fines has begun!

The Data Protection Commission

The Data Protection Commission (DPC) upholds and ensures the protection of personal data across Ireland, and its powers similarly extend into the European Union (EU). While the DPC is tasked with ensuring GDPR compliance, it also ensures compliance with the Irish ePrivacy regulations, and the EU Directive related to Law Enforcement. GDPR and ePrivacy compliance are essential business processes, and falling foul of the regulations can now lead to fines, penalties, or other consequences for your business.

The first GDPR fine

In May 2020, the Irish DPC issued its very first GDPR fine, bringing home the reality to all of us that compliance is no longer just a concept. The reality of penalties, fines, and other potential consequences for companies has now hit the road, and the need to ensure your business has begun its compliance journey is essential. It should be noted that the Irish DPC’s first fine was issued in relation to three data breaches, related to the unauthorised disclosure of personal information.

The matter of consent

At the crux of compliance lies the matter of consent. As we’ve outlined before, obtaining consent is not as simple as a Yes/No tickbox:

“Obtaining your customers’ and suppliers’ consent to collect, store, and use their information is an important part of your GDPR compliance procedures. But, the way you obtain that information, and how you communicate with your customers and suppliers around why you need particular sets of information, is just as important. To clear up any confusion, obtaining the consent of your customers, suppliers, and data subjects is not as simple as asking a yes/no question. Rather, obtaining explicit consent is a far more complex procedure, but one that must be followed. Explicit consent is required when your business needs to obtain special category data for its data subjects. This could include medical records or other specified types of information.”

The complexities of compliance

Ensuring your business is compliant with the GDPR regulations and the ePrivacy regulations is important, but it need not be as complex as you think. A compliance audit gives your business a starting point for your compliance journey, without inflicting too much pain. You can’t begin your compliance journey without knowing where your business stands. Your starting point enables you to optimise your business, streamline your processes, and avoid those nasty penalties.

Cookies and consent

Online tracking technologies are an essential part of businesses’ online advertising channels. But, in adherence to GDPR and ePrivacy regulations, the way your company’s cookie crumbles truly matters. Consent management often forms part of your web development process. This is, most commonly, implemented through the use of cookies and similar tracking technologies. Ultimately, the consent cookie can crumble quite badly if your software breaks, a line of code goes awry, or a user denies the cookie its ability to track them.

Tracking technologies

As a form of tracking technology, cookies are subject to the GDPR and ePrivacy regulations. The DPC issued a Guidance Note in April 2020, outlining the importance of ensuring your business’ online tracking technologies become compliant. Giving all businesses six months from the date of publication, the DPC now requires you to be compliant with the ePrivacy regulations relating to your company’s use of cookies and tracking technologies. The DPC is set to begin inspections from 6 October 2020, and enforcement action is set to begin. The DPC decides on the type of enforcement action that may be appropriate, so make sure your cookies aren’t set to crumble! Check your own website for cookies and tracking technology here.

ProPrivacy can help

A compliance audit, or a short consultation with one of our compliance experts, gets your business started on its compliance journey. We’ll help you stay on the right side of regulation, using robust technologies like Serity, our expertise, and our experience.

Written By Philipa Jane Farley

Philipa is the lead consultant and auditor at ProPrivacy.  With clients as far afield as Canada, South Africa, Kenya, Germany, Spain and other such exotic locations, besides Cork and elsewhere in Ireland, Philipa enjoys a broad view of the state of data protection, privacy and cyber security worldwide.  Philipa’s passion is manageable data compliance for SMEs.

Philipa is a qualified teacher, besides holding qualifications in computer science (Bachelor of Science in Artificial Intelligence Programming) and electronic and intellectual property law (LLB). She is trained in constitutional (fundamental) rights litigation and enjoys a good debate.

Philipa has over twenty years of experience working in different sized organisations and sectors on operational, governance, risk management and compliance matters. She is an analytical and focused person who enjoys a challenge in the workplace. She loves technology, systems and people and has a passion for showing people how technology can make life easier and better. She understands that the world is driven by data today but privacy is paramount. Responsibly developed AI excites Philipa for the future.

ProPrivacy | GDPR Privacy Cyber Security in Cork, Ireland