The General Data Protection Regulation imposes greater obligations than ever before on all parties storing and processing personal data while also giving regulators a range of sanctions to enforce compliance.
The decision by the Data Protection Commission (DPC) to issue draft rulings to WhatsApp and Twitter is a significant development. This follows the recent decision by the DPC to fine TUSLA the sum of €75,000 for three separate data breaches. This shows the DPC acting in response to the Advocate General, Henrik Saugmandsgaard expressing the opinion that the DPC should be more proactive in enforcing GDPR. This also shows that the significant sanctions in the form of large fines arising out of non-compliance with GDPR will be enforced against a small domestic organisation and not just the large multi-national tech companies. There can now be no doubt that GDPR compliance is something that all businesses must take seriously and indeed prioritise.
We at Hartnett Hayes Solicitors LLP are well placed to advise in this area and have always regarded client privacy and confidentiality as an absolute priority and as such have implemented a Data Protection Policy to ensure compliance with GDPR and to ensure that we at all times adhere to best practice in this area. To this end, Hartnett Hayes Solicitors LLP has gone beyond the minimum requirement of GDPR and has embarked on the ambitious path of attaining ISO 27001 certification which is the international standard outlining best practices for an information security management system.