January 28th was European Data Protection Day and we marked the event by attending the 9th Annual Data Protection Conference which was held in the Aviva Conference Centre.

The two-day conference featured interactive workshops on the first day on ‘Privacy by Design’ and ‘Conducting a Data Protection Audit’. The second day included a line-up of notable speakers who spoke on topics related to the theme of the conference; “GDPR – It’s here, what’s next”. Dara Murphy, Minister of State for European Affairs, EU Digital Single Market and Data Protection spoke about his department’s work in preparing for GDPR and the importance of having a strong, well-resourced Office of the Data Protection Commissioner (ODPC). The Minister also announced plans for a data summit in June this year.

A&L Goodbody’s Claire Morrissey presented on “Legal Aspects of the GDPR” and took part in a lively Q&A session. Claire highlighted some of the key changes that the GDPR will bring including the need to demonstrate compliance, the new right of data portability, the new security reporting obligations and the ability for individuals to recover financial and non-financial loss (such as damages for distress or embarrassment in the event of inadvertent disclosure of personal data). She also offered some practical tips for ways in which businesses can prepare for the GDPR (some of which are available here).

Cathal Ryan from the ODPC said that 2016 had been a very busy year for the ODPC which saw the finalisation of the GDPR, an increase in staff, the opening of a new Dublin office, a number of high profile court decisions, and an increased number of audits and consultations. The ODPC is continuing to prepare for the GDPR by hiring more staff, creating awareness of the GDPR and working with the Article 29 Working Party to ensure consistent application of the GDPR across the EU.

The future of data protection and the GDPR in the UK, in the context of the UK’s departure from the EU, was considered by Iain Bourne from the UK Information Commissioner’s Office (ICO). He acknowledged that the GDPR will apply in the UK from 25 May 2018 until such time as the UK leaves the EU. He said what happens post-Brexit is uncertain but that the ICO is preparing to implement the GDPR and has recently launched a mini-website containing guidance for individuals and organisations.

The day finished up with another expert panel discussion comprised of Cathal Ryan from the ODPC, Tricia Higgins from FHB Consultancy and Lanre Oluwatona from the Irish Computer Society. The discussion created some interesting debate on the role of data protection officers (which will need to be appointed in specified circumstances under the GDPR).

Ann Cavoukian, the creator of the concept of privacy by design gave an interesting presentation via video link. The GDPR aims to establish a culture of privacy by design and default by requiring data privacy to be embedded into a business. Ann said that businesses who incorporate privacy from the very beginning of the design process will save costs in the long term as they are less likely to suffer a data breach.

For more information on the GDPR, take a look at our Guide for Businesses which is available to download from our website: The GDPR: A Guide for Businesses