People are more mobilised than ever to defend their data, says Irish Data Protection Commission.
More than 1,000 data protection officers (DPOs) have been appointed by organisations across Ireland since GDPR (General Data Protection Regulation) became law across Europe in May 2018. That’s according to the latest annual report from the Data Protection Commission (DPC).
To support the surge in the number of DPOs, the DPC said that it will be rolling out supports for a DPO network in Ireland in the second quarter of 2019.
It also revealed it had to bust some GDPR myths and situations, such as a hairdresser being unable to provide details of a hair dye to a customer because of GDPR.
The DPC reported it received 2,864 privacy complaints from the public since GDPR was enacted in May and 4,113 in total for 2018, up 56pc on the previous year. It also revealed that in total, 4,740 valid data security breaches were notified in the 2018 calendar year, up 70pc on the previous year.
Around 136 cross-border processing complaints were received by the DPC through its new one-stop-shop mechanism lodged by individuals with other EU data protection authorities.
Around 31 own-volition inquiries were opened under the Data Protection Act 2018 into the surveillance of citizens by the State sector for law enforcement purposes through the use of technologies such as CCTV, body-worn cameras, automatic number plate recognition-enabled systems, drones and other technologies.
Raising the bar
Crucially for the DPC, which is increasingly seen as Europe’s data protection watchdog because of the high number of global tech firms operating from Ireland, 15 statutory investigations were opened in relation to the compliance of certain technology companies with GDPR.
In terms of electronic direct marketing infringements, 32 new complaints were investigated, including 18 to do with email marketing, 11 for SMS and three for telemarketing.
The DPC also revealed that the first stream of a public consultation on the processing of children’s personal data and the rights of children as data subjects under GDPR was launched on 19 December 2018.
The DPC has grown its staff numbers to 135 people and will recruit an additional 30 staff this year to meet the demands of GDPR.
“The rise in the number of complaints and queries demonstrates a new level of mobilisation to action on the part of individuals to tackle what they see as misuse or failure to adequately explain what is being done with their data,” said Ireland’s Data Protection Commissioner, Helen Dixon.
Commenting on the impact the introduction of GDPR has had, Dixon said: “Although we are still in the stage of having to bust some myths and misunderstandings that have built up around the GDPR, we feel very optimistic about the improvements we will see in Ireland in personal-data-handling practices over the next few years.
“We look forward to industry embracing codes of conduct and raising the bar in individual sectors in terms of standards of data protection and transparency, which is why we have launched a large-scale consultation around the processing of children’s data, the results of which will be reflected in a best-practice guidance note for industry.”
Updated, 8.58am, 1 March 2019: This article was updated to clarify that the DPC received 4,113 complaints in total for 2018, not 2,864.