The Crios Group held a General Data Protection Regulation (GDPR) Workshop last Wednesday 30th January in Enterprise Ireland Regional Office. Arema Connect representatives attended the Conference organised in conjunction with Crios Group members.
In this blog, we describe the event and summarise the main concepts discussed. The event’s four key points: GDPR definition, Implications & Benefits of GDPR, GDPR Considerations, and GDPR action plan.
The event started by defining GDPR and its importance in Ireland. Organisations have been apprehensive of the GDPR in terms of the impact on their resources to instigate, and through fulfilling the Regulation. With just months to go until the GDPR is fully enforced, and countless entities and organisations are obliged to adhere to the innovative but challenging framework of regulation.
This new framework intends to strengthen data protection to meet the modern and complex journeys of data. GDPR is to replace a twenty-three-year-old ‘Data Protection Directive’ – and to harmonise individual state’s data protection laws. The challenge, however, is the transition period for organisations to actually be GDPR-ready. With an enforcement date of May 2018, organisations need to assess their own protocols in handling data and are to appoint a nominated or relevant Data Protection Personnel – either internally or externally to respective organisations. This itself is a resource-intensive challenge – particularly concerning small enterprises. Lapses such as the failure to act on areas like consent and transparency in their collection, maintenance, or breaches of data, either by loss or hacking carry hefty penalties to the organisation involved.
Implications & Benefits of GDPR
Implications and benefits for individuals and organisations were discussed among the participants.
GDPR regulation while impacting all Europe has high relevance in Ireland’s tertiary sector. Our economy with multinational companies in the areas of IoT, Big Data, and Data Mining is impacted directly by the legislation.
Data forms are an essential part of our micro/macroeconomic factors and it concerns areas such as Economic growth, Competitiveness, Job Creation and Innovation. The data should afford the objectives of the framework independently of whatever the data obtained, or where it is housed. Furthermore, acts such as the loss of data or hacking by third-party agents – the responsible parties then carry the weight of hefty penalties. Fines of between 2 to 4 % of worldwide turnover, or Lower or Higher tier incident breaches; either €10-20 million, or whichever is higher.
Despite all these challenges, the new data protection regulation (GDPR) has the potential to affect positively individuals and organisations. This regulation gives both the security of a fair and protected data exchange.
The Keynote of the Conference outlined the responsibilities of organisations including the aforementioned penalties. The challenge in the transition and implantation period of the legislation for organisations was largely discussed. Key speakers highlighted previous incidents concerning organisations in the business of data processing such as examples of e-mail hacking and the loss of customers’ data from financial institutions. Examples illustrated how the new GDPR framework can impact business, and how it should deter malpractice going forward.
GDPR Action Plan
The key objective achieved during the day was the revision and evaluation of existing action plans. Highlighted areas included HR and IT processes, and data flow between clients and callers.
As outlined in the GDPR regulation, all our plans have been designed and implemented in alignment with the ‘Data by Design’ approach. This demonstrates to our clients and customers our willingness and readiness to the upcoming legislation. As described by Nuala Keogh:
‘Data protection has always been an integral part of our business DNA. Ensuring the privacy of the data we gather, process, control & store has never been more crucial than it is right now. Events like this one allow us to evaluate our GDPR road-map ensuring compliance before May 2018. We are really happy with our progress to date and we can now embrace this opportunity to streamline our data protection processes throughout Arema Connect’
We understand challenges to the business environment occur, and we wish to highlight the fact we are proactive to change. In our day-to-day activity, we demonstrate to our partners they can trust us with their data, service to their clients and overall provision of customer relationship management. Arema Connect has taken part in previous events and it is working with existing and new clients to support their GDPR efforts.
We would like to thank all involved in organising the event – EI, and to the guest speakers of the day.