An Irish Data protection Commission (DPC) spokesperson recently disclosed in an interview that DPC is going to enforce the General Data Protection Regulation (GDPR) a lot more strictly in 2019.
DPC Head of Communications, Graham Doyle, said that GDPR obviously had an enormous effect in 2018 since it made people think more carefully about the management of personal information. He labeled the increasing number of reported GDPR incidents as a gauge of this. In 2018, 3,500 breach notifications and 2,500 complaints were received – the figures were almost double that of 2017. This is seen as a good thing as as DPC spends substantial resources on increasing awareness. Educating organizations and the public is an important role of DPC.
Doyle said DPC takes a dual approach to promoting GDPR: Enforcement and engaged monitoring. Engaged monitoring means engaging with organizations, consulting with businesses on legislation related to personal data and new products. Essentially, DPC engages with organizations to help them get things right from the start.
In 2019 the agency is going to issue penalties as the current investigations come to an end. DPC will implement the law with full force in an attempt to stop future breaches. The new toolkit which the GDPR gave DPAs brings greater powers and the DPC will use them where appropriate. Under GDPR law, the biggest fine for a data breach is €20m or 4% of yearly global turnover, whichever amount is higher. There is also an expansion in the extent of GDPR investigations in 2019 and more extensive investigations will be concluded in 2019.
According to DPC’s survey in early 2017, GDPR awareness levels among businesses in Ireland was between 30% to 40%. In the survey conducted in May 2018, awareness levels had increased to around 90%.
The DPC is the data protection agency in Ireland. It is in charge of making sure that organizations under its jurisdiction are following the rules. Furthermore, it is expected to look into the complaints submitted to the agency. A large number of multinational companies are based in Ireland, so the extent of investigations is enormous. From May 25, 2018, many GDPR complaints had been submitted against Facebook, Twitter and Google. The EU headquarters of those three companies are in Dublin.