Fianna Fáil Spokesperson on Technology James Lawless TD has warned that impending changes to data protection laws could have a profound impact on small businesses.

The General Data Protection Regulation (GDPR) was signed off on by the European Union on 27th April 2016 and will come into force in Ireland by 25th May 2018. The Office of the Data Protection Commissioner is currently running a two week public consultation process on the change which is due to conclude tomorrow. Deputy Lawless is calling for the consultation to be extended in light of the lack of awareness of the impending changes.

Deputy Lawless said, “The GDPR will bring about sweeping changes to data protection laws right across the European Union. The changes will give people more control over their personal data and will make it easier for them to access their data records held by public bodies and private companies. The changes will introduce a ‘right to be forgotten’ clause which will require data processors to delete personal data once there are no legitimate grounds for retaining such data.

“The changes will also introduce a new mandatory reporting system for companies and organisations which will require them to notify the national supervisory authority should a data breach occur. They will also have to inform individual users of high risk data breaches as soon as they occur. This is an important change given the increasing prevalence of data protection breaches. The regulation also recognises that children deserve specific protection of their personal data and requires increased safeguards to protect them.

“These changes are positive and the principle of having one data protection law for the entire European Union is long overdue. However I have serious concerns regarding the awareness of these impending changes. The new regulations will apply to all companies and organisations and those that fail to comply will face stiff penalties. However these changes simply are not on the radar of many small companies and organisations.

“The Office of the Data Protection Commissioner has opened a two week consultation process on the changes. I believe this window is too short considering the profound impact that these changes will have on smaller companies and organisations. The consultation process needs to be extended to help raise awareness of these upcoming changes. GDPR is a positive development in terms of enhancing personal data privacy, but it will only work so long as companies and organisations are given the necessary breathing space to implement the changes.”