The General Data Protection Regulation (GDPR) accounts for data protection across all European Union territories. The GDPR is complimented by the law enforcement Directive that sets data protection standards in regards to criminal offenses and the res[ective penalties in case of a breach.
The GDPR and the law enforcement Directive have brought about much-needed changes to the legislature surrounding data protection. As a result, more stringent measures have been established to ensure organizations which handle personal data hold more responsibility for their practices.
The GDPR and Ireland
Because of Ireland's relationship with the EU, the GDPR by default is in effect within the republic’s jurisdiction. It is paramount that organisations dealing with personal data familarise themselves with this framework. The GDPR replaces the Data Protection Act of 2003 and comes with the establishment of a Data Protection Commission.
Types of data protected by the GDPR
The GDPR tackles data protection on mainly two types of data. These are namely, personal data which is data relating to a living person such as names and banking details. The other type is special category personal data. This is data such as race, political opinions and health details. Special category data can only be processed if the subject gives consent or if the law authorises.
Areas affected by the GDPR
The GDPR is in effect for all data processor and controllers within the EU regardless of where the data is processed. The same also applies for data pertaining to EU citizens processed by organizations outside of the EU activities where behavior is being monitored or services and products are being offered. Such organizations are required to have a representative resident in the EU.
Supervision and enforcement
The GDPR warrants for the Irish authorities to have an independent public authority responsible for its enforcement. This has materialised in the form of the Data Protection Commission. The supervisory authority is charged with bringing about processor and public awareness of data protection rights. It also serves to advise the government and makes assessment on the data protection impact in Ireland. The Data Protection Commission has the power to enforce penalties on violators and charge them with legal action.
European Data Protection Board (EDPB)
The European Data Protection Board (EDPB) came into effect through the GDPR and is the regional authority responsible for supervising it’s enforcement throughout the EU. The EDPBs role spans into formulating guidelines concerning the GDPRs application and advising the EU Commission on the application and necessary amendments. The board comprises of the head of one supervisory authority from each EU member and a European Data Protection supervisor.
Penalties under the GDPR
The GDPR establishes penalties for data controllers and processors who are non-compliant. Organisations charged with serious infringements such as not acquiring consent from subjects can face fines of up to 4% of their annual global income or €20 million, whichever is greater. Minor offenses such as not notifying the relevant authorities about a breach could garner a find of €10 million or 2% of the organization’s income, whichever is greater. Each member state reserves the right to institute its own fines.
For more details and insights into the GDPR in Ireland, you can reach out to our well-informed consultants at SIGTAX.
Add new comment