Northern Ireland to police GDPR ‘proportionately’

The Information Commissioner’s Office (ICO) has revealed that the new European Union data protection law will be applied proportionately in Northern Ireland.

Despite facing fines of up to 20m euros (£17.5m) for serious data breaches, many companies were still using inadequate practices, according to the ICO’s Head of Regions, Ken Macdonald.

The new legislation, which came into force on 25 May, allocates new rights to consumers, including the power to find out what data is being held on them and to delete that information, unless a company has a good reason to keep it.

If a serious breach is detected, the ICO can hit firms with a penalty of €20m or 4% of global annual turnover, whichever amount is higher.

Mr Macdonald said: “Our key thing is let’s get it right first. We don’t want to be worrying about the breaches, because we want to prevent the breaches taking place. If they do happen, then we will be taking the appropriate action and serving the appropriate level of penalty for the breach.”

He went on to say: “Unfortunately, despite all these stories that we have, from the cases that we have taken regulatory action, security is a big thing, and people are still forgetting about it.

“They forget about, in particular, the paper records. Too often, I see people in public, reading personal, sensitive information. Too often, we fine people and organisations because papers have been left in bags at the train station, on the bus, etc.

“It’s not just about the digital world, it’s not just about encryption, it’s about handling everything – physical and electronic information.”