76% of Irish businesses have experienced growing uncertainty across the data protection spectrum over the last 12 months with no signs of this abating. This is according to a new survey from the Association of Compliance Officers Ireland (ACOI) released today in the run up to World Data Protection Day (Jan 28th).
The survey of more than 250 organisations throughout the country – answered by ACOI members with responsibility for compliance in financial and other organisations, sought to assess views surrounding Ireland’s data protection landscape for 2021.
Respondents cited uncertainty as a result of Brexit (32%); an increase in remote working (26%) and the impact of the Schrems II ruling (23%) as the primary drivers behind heightened threats to data protection and mounting challenges for organisations in ensuring compliance.
Speaking of the findings, Michael Kavanagh, CEO of the ACOI,
“These are turbulent times in the world of data protection and there is no doubt that businesses and other organisations throughout Ireland are struggling with a myriad of issues. It is perhaps unsurprising that Brexit is the forerunner in terms of what people see as the reason behind the growing uncertainty in DP, but what’s arguably more insightful is that more than ¼ of respondents say the growing prevalence of remote working is causing major issues and a similar number feel that the implications of the Schrems II ruling is adding to the ambiguity”.
The ACOI have set out key data protection areas for concern and action that they believe should be on the agenda of business entities throughout the country if they want to successfully navigate their way through 2021:
- The Schrems II ruling and international data transfers.
Mr. Kavanagh explained,
“Businesses will be watching closely to see the final outcome with regard to the European Commission’s recent public consultation on a draft revised set of standard contractual clauses (SCCs). SCCs are widely used by both SMEs and multinational firms to facilitate international transfers of data. Similarly, in our experience, industry views the proposed supplementary measures proposed by the European Data Protection Board (EDPB) as too onerous and unworkable.
The ACOI report that, while the Trade and Cooperation Agreement’s provision of 4 – 6 months ‘transition’ for UK-EU data transfers is welcomed, businesses must remain vigilant and watch closely to assess if an adequacy decision will take place within that timeframe.
According to the ACOI, more clarity and consistency on implementation of fines would be hugely beneficial to companies of all sizes across all industries, to enable these organisations and their Boards to adequately assess the risk and impact of potential fines and take appropriate action.
- The Basics
Mr. Kavanagh went on to advise,
“Businesses should continue to focus firstly on the basics. Having clear policies in place and developing a robust data protection culture throughout the whole organisation. Human error is often a key factor in data breaches, so ensuring that new and existing staff receive regular training on privacy best practice is key.”
The ACOI survey also revealed that, of the smaller cohort of survey respondents who believe the landscape is actually less uncertain that it was a year ago (24%) the increased clarity on Brexit (31%) and DPC Requirements and penalties (29%) and improved staff training were seen as the main reason for this.