Watch out for crumbling cookies

Your business’ compliance journey is an essential component of your operations. Ignoring it could mean big penalties to be paid. The issuing of fines has begun!

The Data Protection Commission

The Data Protection Commission (DPC) upholds and ensures the protection of personal data across Ireland, and its powers similarly extend into the European Union (EU). While the DPC is tasked with ensuring GDPR compliance, it also ensures compliance with the Irish ePrivacy regulations, and the EU Directive related to Law Enforcement. GDPR and ePrivacy compliance are essential business processes, and falling foul of the regulations can now lead to fines, penalties, or other consequences for your business.

The first GDPR fine

In May 2020, the Irish DPC issued its very first GDPR fine, bringing home the reality to all of us that compliance is no longer just a concept. The reality of penalties, fines, and other potential consequences for companies has now hit the road, and the need to ensure your business has begun its compliance journey is essential. It should be noted that the Irish DPC’s first fine was issued in relation to three data breaches, related to the unauthorised disclosure of personal information.

The matter of consent

At the crux of compliance, lies the matter of consent. As we’ve outlined before, obtaining consent is not as simple as a Yes/No tickbox:

“Obtaining your customers’ and suppliers’ consent to collect, store, and use their information is an important part of your GDPR compliance procedures. But, the way you obtain that information, and how you communicate with your customers and suppliers around why you need particular sets of information, is just as important. To clear up any confusion, obtaining the consent of your customers, suppliers, and data subjects is not as simple as asking a yes/no question. Rather, obtaining explicit consent is a far more complex procedure, but one that must be followed. Explicit consent is required when your business needs to obtain special category data for its data subjects. This could include medical records or other specified types of information.”

The complexities of compliance

Ensuring your business is compliant with the GDPR regulations and the ePrivacy regulations is important, but it need not be as complex as you think. A compliance audit gives your business a starting point for your compliance journey, without inflicting too much pain. You can’t begin your compliance journey without knowing where your business stands. Your starting point enables you to optimise your business, streamline your processes, and avoid those nasty penalties.

Cookies and consent

Online tracking technologies are an essential part of business online advertising channels. But, in adherence to GDPR and ePrivacy regulations, the way your company’s cookie crumbles truly matters. Consent management often forms part of your web development process. This is, most commonly, implemented through the use of cookies and similar tracking technologies. Ultimately, the consent cookie can crumble quite badly, if your software breaks, a line of code goes awry, or a user denies the cookie its ability to track them.

Tracking technologies

As a form of tracking technology, cookies are subject to the GDPR and ePrivacy regulations. The DPC issued a Guidance Note in April 2020, outlining the importance of ensuring your business’ online tracking technologies become compliant. Giving all businesses six months, from date of publication, the DPC now requires you to be compliant with the ePrivacy regulations, relating to your company’s use of cookies and tracking technologies. The DPC is set to begin inspections from 6 October 2020, and enforcement action is set to begin. The DPC decides on the type of enforcement action that may be appropriate, so make sure your cookies aren’t set to crumble!  Check your own website for cookies and tracking technology here.

ProPrivacy can help

A compliance audit, or a short consultation with one of our compliance experts, gets your business started on its compliance journey. We’ll help you stay on the right side of regulation, using robust technologies like Serity, our expertise, and our experience.

Cath Jenkin
Written By Cath Jenkin

As a communications consultant and freelance writer, Cath has helped more than 100 brands, businesses, and people, find the right words to tell their important stories. Cath points her cursor and bashes her keyboard to create useful, reliable content for people who want to learn more about blockchain technologies, finance, property, online safety & information security.