The Irish have finally acted to beef up the country’s data protection regulator, which governs many of the world’s top technology companies, following warnings by commissioner Helen Dixon that her office faces being swamped under the EU General Data Protection Regulation.
GDPR’s “one-stop shop” approach means companies doing business in the EU will only have to answer to the data protection authority in the country in which they are based, rather than all the watchdogs in separate states.
And with so many tech businesses setting up their Euro HQs in Ireland – including Apple, Amazon, Google, Facebook, eBay, PayPal, LinkedIn, Twitter, Salesforce.com, Intel and Oracle – to take advantage of tax breaks, the Irish Data Protection Commissioner’s workload will explode.
The budget for the Irish data protection commissioner increased fourfold to €7.5m (£6.6m) between 2013 and 2017. Staffing levels have risen from under 30 in 2014 to more than 70, with plans to increase this to 100 by the end of the year. Times have changed since 2015, when the office was based next door to a corner shop; the regulator recently moved into offices in Fitzwilliam Square in Dublin.
By comparison, the UK Information Commissioner’s Office has a budget of nearly £20m and estimates it is facing a £42.8m black hole in its finances.
“Individuals are acquiring new rights, data controllers new obligations and data protection authorities new supervisory functions,” Dixon told The Times. “Data protection authorities in Europe are acquiring much greater enforcement powers and will have the capability to impose large fines — up to €20m or 4% of global turnover. All of these features will mean that the Irish data protection commissioner requires additional staff and skills.”
Dixon also said that Brexit could increase the regulator’s workload as more data-rich companies could relocate to Ireland. She said this “would need to be factored into staffing needs”.
“We will add about 30 staff in 2017, bringing our total to between 90 and 100 by the end of the year,” said Dixon. “I anticipate the Irish DPC will need to grow to over 200 staff in the next couple of years given the span and scale of its supervisory role.”
Related stories
GDPR compensation to dwarf £30bn bill for PPI claims
Half of all firms still not compliant with 1998 data laws
Data compensation claims ‘could run into millions’
Major ICO recruitment drive to prevent GDPR meltdown
Cancer Research UK aims to be GDPR compliant by July
Dogs Trust signs deal to secure GDPR compliance
Ten crucial steps to tackle GDPR compliance anxiety