2017 was the year of four letters – GDPR. It was the year in which the world of EU data protection law commanded attention and recognition from businesses worldwide. 2017 witnessed many businesses yielding to the mammoth task of “GDPR Readiness” in order to prepare for Europe’s overhaul of its data protection regime. On International Data Protection Day 2018, we expect that the target for most businesses in 2018 is to meet the General Data Protection Regulation’s (GDPR) deadline of 25 May 2018. Undoubtedly, 2018 will be a busy year for businesses. It is interesting to note that the majority of businesses will not be GDPR compliant by 25 May 2018. The International Association of Privacy Professionals has released the following statistic that only 41% of companies will be compliant by the enforcement date, while the rest aim to be compliant towards the end of 2018. For many, GDPR will be an ongoing task for the foreseeable future.
Aside from GDPR Readiness, 2017 also saw a significant increase in the number of global cyber-attacks. There were also calls for big data corporations to bear more responsibility. Of course, the ongoing debate around the validity of the European Commission’s standard clauses for the transfer of data internationally continued. In 2018, all eyes will be on the Court of Justice of the European Union and its examination of the Irish Data Protection Commissioner’s “well-founded concerns” over these standard clauses adopted by the European Commission.
Now in its eleventh year, International Data Protection Day is celebrated globally every 28 January to raise awareness and promote privacy and data protection best practices. To mark International Data Protection Day 2018, our Technology Team round-up some of the key data protection stories of 2017 and look ahead to what 2018 may bring in the data protection sphere.
The first quarter of 2018 should see most businesses finalising their GDPR Readiness programmes and ironing out any last minute gap areas. A critical action for businesses to take also will be to identify and implement robust security and technical measures to withstand the level of sophistication brought by last year’s cyber-attacks.
Data protection, privacy and cybersecurity will continue to grab headlines in 2018. You can keep up to date with the latest insights on our website and follow us on Twitter @WFIDEA.
For further information on the incoming GDPR and detailed guidelines on GDPR Readiness, register for PrivacySource, William Fry’s dedicated GDPR website.
Part 1: 2017 Round-Up
- Article 29 Working Party Guidelines: “Consent under the GDPR“; “Breach Response Plans“; “Transparency under the GDPR“; “Automated Decisions and Profiling“; “Administrative Fines Under the GDPR“.
- Breaking Down the General Scheme of Data Protection Bill 2017: Part I; Part II;Part III; Part IV.
- Case Law: “Legitimate Interest Test“; “Right to be Forgotten“; “Challenge to Privacy Shield“; “Future of SCCs“; European Court Rules that Exam Scripts and Comments Constitute Personal Data
Part 2: 2018 Forecast
- European Commission Issues Warning on Data Protection Ramifications of Brexit
- European Commission Proposes New ePrivacy Regulation
- GDPR – Likely Impact for Employers and How to Prepare
- Steps for the Insurance Sector to Take Now in Advance of GDPR
- GDPR for Irish Funds
- Digital Age of Consent for Children
Contributed by: David Cullen and Rachel Hayes
