Dublin, 10 October 2017 – Speaking today at a General Data Protection Regulation (GDPR) event organised by the Irish Region of ICSA: The Governance Institute at the Dublin offices of William Fry, Data Protection Commissioner Helen Dixon FCIS said that a key challenge for company secretaries and others involved in managing personal data will be recognising whether their role comprises being a ‘data controller’ or a ‘data processor’. She urged organisations to understand the key elements of both roles and then have binding written contracts in place that delineate these responsibilities.
The Commissioner highlighted the types of damage to individuals that controllers and processors need to guard against when processing personal data. These include discrimination, identity theft or fraud, financial loss, damage to reputation, or loss of confidentiality of personal data protected by professional secrecy.
Ms Dixon stated that accountability by organisations for personal data will be a cornerstone under the new GDPR legislation. All organisations will have to implement appropriate technical and organisational measures to ensure, and be able to demonstrate, that data processing is performed in accordance with the new General Data Protection Regulation. She also emphasised, however, that GDPR does advocate a risk-based approach, making it scalable for small and large data processing organisations.
This European-led legislation is also designed to make data protection more transparent and reduce data protection vulnerabilities. A key requirement arising from the new regulation is to report data breaches within 72 hours. In cases “when the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons”, the data controller will be required to notify the data subject of this breach without undue delay.
Also new in the regulation are:
Ms Dixon summarised customers’ new enhanced rights, which include the right to data portability, to be informed, to have their data erased and the right to restrict processing of their data. The Commissioner added that with regard to transparency when collecting personal data, a data controller should “provide information relating to processing in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular, for any information addressed specifically to a child”.
Following Ms Dixon’s talk, a panel discussion took place led by industry expert David Cullen, Partner and Head of Technology at William Fry, and Denis Kelleher, Senior Legal Counsel from the Central Bank of Ireland. They discussed the challenges facing company secretaries in navigating the forthcoming General Data Protection Regulation scheme. Among the topics discussed were the ability and readiness of regulated entities to comply with the regulation, the impact on the company secretary in maintaining registers and the challenges in maintaining the Register of Beneficial Owners in the context of the new regulation.
- Ends -
For further information, please contact
Ruairí Cosgrove, Chair of ICSA Ireland
+353 (0)1 792 6070
+353 (86) 88 88 949