“If you spend more on coffee than on IT security, you will be hacked.”
Richard Clarke, White House Cybersecurity Advisor
What is GDPR?
GDPR came into force on the 25th of May 2018 and was drafted in response to calls for reform of existing Data Protection Laws having been proposed by the European Commission in 2012. The GDPR revamped and overhauled the existing Data Protection laws in Ireland and repealed previous legislation in this regard namely the Data Protection Acts 1988 & 2003. The GDPR was designed to modernize laws that protect the personal information of individuals.
The GDPR places absolute importance on the right of an EU Citizen with respect to their personal data. The GDPR imposes certain requirements on businesses in terms of how they collect, use, store and delete your personal data or sensitive personal data. Businesses are obliged to make sure your data is accurate, up to date and available to you. More importantly it is incumbent on the business to only use your personal data or sensitive personal data for its intended purposes. If your data is no longer needed for its intended purpose, it must be deleted.
Irish people lodged almost 7,000 complaints with data protection watchdogs in 2021, the sixth-highest number in Europe. According to one Survey more than half of Irish companies say that they have suffered a data breach in 2021. The results of the survey also show that data breaches, hacking attacks and employee negligence have all risen in 2021.
External attacks have also increased, with almost one in five Irish companies claiming to have fallen victim to some form of malicious external attack. Well known Banks, Airlines, Social Media Giants, Third level Institutes Parcel Delivery Services & a Ticket Distributor have all reported data breaches in Ireland.
Perhaps most significantly in May the Health Service Executive announced it had suffered a ransomware attack, with criminals blocking access to its IT systems.
This led the HSE to effectively go offline, with hospitals reverting to old-fashioned paper systems causing a significant slowdown in its operations. The HSE were criticized in some quarters for running a frail IT system and missing the “warning signs” in terms of dealing with the problem.
How does GDPR help me?
GDPR provides for compensation for victims of data breaches and for significant penalties for Data Controllers and Data Processors in the event of a data breach. Please note that if a company shares, profits, or misuses your personal data in any way, you are likely to be entitled to claim compensation.
What are my rights under GDPR?
Under GDPR you have the following rights:
- Right to be informed as to how your personal data is being processed;
- Right to obtain a copy of any information relating to you kept on computer or in a structured manual filing system;
- Right to receive a copy of all data held by a Data Controller within one month of the request been received;
- Right to rectification of data;
- Right to be forgotten, meaning the right to obtain from the Data Controller the erasure of personal data without undue delay;
- Right to restrict further processing of your personal data where specified grounds arise; and
- Right to object to processing.
If an individual is not satisfied with the response, they receive from the Data Controller they may make a complaint to the Data Protection Commissioner or institute legal proceedings.
Have you been a victim of a Data breach?
At Conor McLaughlin & Associates Solicitors our experienced Solicitors will guide you in enforcing your rights, such as pursuing Data Controllers who have breached your rights under GDPR. We have the knowledge and experience to advise on all aspects of Data Protection. We can advise you on how to make a request under GDPR along with making complaints to the Data Protection Commissioner.
The above article is one of a series of bi-monthly legal articles drafted by Conor McLaughlin, Solicitor and Principal at Conor McLaughlin & Associates Solicitors. They do not constitute legal advice and should not be acted upon without seeking legal advice particular to your set of circumstances. Conor McLaughlin & Associates Solicitors have their office in Bundoran, County Donegal. For further information on the above or any other legal issues you may have, please contact us on TEL: 071 984 1322,