On 25 May 2017 Ireland's Data Protection Commissioner, Helen Dixon, warned that many small to medium companies in Ireland were not aware that a significant legal change will be implemented in May 2018. The Commissioner spoke at the launch of a new website called GDPRandyou.ie which aims to provide organisations with the steps they will need to undertake in order to comply with the upcoming General Data Protection Regulation (GDPR).
The Commissioner acknowledged that the new rules will mean extra costs for businesses but clarified that they should be seen as contributing to a new European digital economy that will ensure protection for the rights of consumers. "These data protection laws are about having a sound data governance programme and policy" she stated, "but they are also about maintaining the trust of consumers and customers."
However according to a new survey by Amárach Research, only 14% of small to medium sized firms have begun preparing for GDPR and 83% were not able to say what changes GDPR would mean for their business. "The GDPR is a game-changing overhaul of our current data protection laws," the Commissioner warned, referring to the research; "it will impact every type of company and organisation regardless of their size and require many of them to take significant action well before 25 May 2018".
The new website contains a twelve step guide for organisations who have not yet developed a GDPR readiness plan. The guide emphasises that a significant lead-in time is necessary to ensure all new requirements are met.
The Commissioner's comments come the same month as the Irish Government published a preliminary draft of the Data Protection Bill 2017. This draft Bill acknowledged that there is a likelihood of ‘"resource intensive’" cases due to the large amount of multinational companies based in Ireland that fall under the Commissioner's jurisdiction and the requirement for a one-stop-shop mechanism for data protection under the GDPR. Additionally, although not directly mentioned by the Commissioner, the complicating factor of Brexit will also likely compound the workload for the Commissioner post- May 2018. For these reasons the draft Bill states that Irish legislators will be conducting an ‘"examination’" of the need to allocate significant resources in order to tackle the ‘"anticipated additional workload arising from the GDPR’" and it is likely that this will mean more resources for the Commissioner under GDPR.