An Irish Data protection Commission (DPC) representative recently shared in an interview that the agency will enforce the General Data Protection Regulation (GDPR) much more stringently in 2019.
The GDPR clearly had a massive effect in 2018 as people thought more carefully about their personal data management. DPC Head of Communications, Graham Doyle, attributes this observation to the escalating number of GDPR incidents reported. In 2018, 2,500 complaints and 3,500 breach notifications were received, which showed double the figures of 2017. This is a nice outcome as DPC spends a lot of resources on its awareness campaign. Teaching companies and the public is a significant function of DPC.
Doyle mentioned that DPC uses a twofold approach to spreading GDPR consciousness: enforcement and engaged monitoring. Engaged monitoring refers to engaging with companies, talking about legislation associated with personal privacy and with companies about their new products. Basically, DPC works with companies to make sure they get things correctly right away.
Consequently, in 2019 the agency will sanction penalty charges as current investigations come to a conclusion. DPC will apply the requirements of the laws 100% in an effort to avoid future breaches. GDPR gave a new toolkit to DPAs, which gives them significantly superior powers that can be used where appropriate. Under GDPR regulation, the maximum amount of fine for a breach is €20 million or 4% of annual global income, whatsoever amount is greater. The agency is also expanding the extent of GDPR investigations this 2019. It is expected that there will be bigger investigations concluded in 2019.
Doyle mentioned as well that awareness of the legislations has considerably increased with time specifically up to the moment of introducing the GDPR in May 25, 2018. As per a DPC survey in 2017, the awareness levels among businesses in Ireland regarding the GDPR is only 30% to 40%. In the May 2018 survey conducted, the awareness levels jumped to about 90%.
The DPC is Ireland’s data protection agency. It is responsible for ensuring that businesses under its jurisdiction follow the law. Hence, it is anticipated that DPC will investigate the complaints submitted to them. A great number of multinational firms are centered in Ireland, thus the scope of investigations is huge. Just imagine that from May 25, 2018, loads of GDPR complaints were already filed against Google, Facebook and Twitter.