It’s now less than six months until GDPR comes into effect and dramatically alters the way organisations collect and process data. In order to aid Irish organisations’ preparations for the impending legislation, AMI recently hosted a GDPR breakfast seminar in the Fitzwilliam Hotel – GDPR: The Final Countdown. We’ve put together some of the key points made by our speakers for those who missed it. If you were lucky enough to be in attendance at the information-packed event, read on for a recap of a terrific morning.
Ignorance is not a defence
Faye Thomas, business manager at AMI, first addressed the crowd, giving an overview of the event and introducing the guest speakers.
First up, Pearse Ryan, partner at Arthur Cox Solicitors, delivered a detailed overview of the legal obligations facing companies under GDPR. Following a dreaded cyber event, there is a potentially long list of contacts who need to be notified, from the Central Bank of Ireland, to the Gardaí, to the Data Processor or Data Controller. Once GDPR comes into force, organisations will need to be aware of what their obligations are, including exactly who they need to contact.
A standout takeaway from the talk was the potential for organisations to in fact commit a criminal offence through the mishandling of data. Organisations are obligated to report a data breach and failure to do so – be it through ignoring the law or being unaware of it – could constitute a criminal offence. One thing is clear: ignorance of your obligations will not be accepted as a defence. Don’t stick your head in the sand when it comes to GDPR, be aware of the requirements and comply.
Disposal – an overlooked area
Don’t panic. That was the first message from Steve Mellings, founder of Asset Disposal and Information Security Alliance (ADISA) and COO of DP Governance Limited. The GDPR deadline (25th May 2018) is not doomsday. For those organisations already working towards existing data protection laws, the new regulation is simply an extension requiring some additional business changes. However, those organisations not complying with existing data protection laws face a significant business transformation project.
One area where many businesses tend to struggle is where they engage with third parties to perform services which impact on data. The erasure or destruction of data is an aspect of data processing in which companies have been performing particularly poorly. Studies have shown that 16% of companies have suffered a data breach due to improper disposal and over 40% of hard drives purchased from auctions still hold data. Working with an ADISA-accredited IT disposal provider ensures businesses peace of mind when disposing old IT equipment.
Irish landscape
AMI’s recent survey on IT disposal practices produced some similarly troubling findings for Irish organisations. Paul Hearns, editor of TechPro magazine, presented an overview of some of the most interesting results of the survey. Among the findings was the fact that 32% of companies that use third-party IT retirement companies don’t get formal confirmation that their data has been completely erased. In addition, 25% of companies admitted to leaving end-of-life IT assets on premise for more than one year.
These findings support the argument that Irish companies are overlooking IT disposal when it comes to data protection and their preparations for GDPR. While organisations shouldn’t panic in the run up to the GDPR deadline, now is the time to act and take responsibility for the complete and safe erasure of data.
We want to thank our three guest speakers for providing an information-packed morning and for helping Irish businesses face GDPR more prepared. Another huge thank you is due to all in attendance who engaged with our speakers in a meaningful and insightful Q&A following the presentations. If you would like any further details on the topics discussed, or would like to enquire as to how AMI can help your business get GDPR ready, contact us today or get an IT disposal quote.
