Irish data protection commissioner Helen Dixon has fired a warning shot over the bows of the world’s largest tech companies over their GDPR compliance, insisting her office will not be a “soft touch” when it comes to enforcing fines for breaches of the regulation.
With so many tech businesses setting up their Euro HQs in Ireland – including Apple, Amazon, Google, Facebook, eBay, PayPal, LinkedIn, Twitter, Salesforce.com, Intel and Oracle – Dixon will become one of the most powerful regulators in the world.
She has already warned firms to expect a “tsunami” of data requests from customers and despite echoing UK Information Commissioner Elizabeth Denham’s mantra of being a “fair and proportionate” regulator, Dixon told the FT that she was prepared to use powers to fine companies up to 4% of their global turnover if they do not comply with GDPR. She also refuted claims that big tech firms were choosing Irish supervision because the country had the “lowest levels” of data protection.
She countered: “There’s no doubt about it, we will be using the full toolkit. The impacts of misuse of individuals’ personal data in this digital age are very significant.
“It really is a very massive change in the landscape in terms of the way regulation is going to occur and in terms of the way . . . citizens are going to demand that their data is treated.”
Dixon has said Dublin once struggled to cope with oversight of so many companies but insisted this had changed and that her agency had the resources it needed.
The regulator’s funding increased fourfold to €7.5m (£6.6m) between 2013 and 2017 and has risen again this year to €11.7m (£10.5m). Staffing levels have risen from under 30 in 2014 to more than 100, which could double to 200 in the coming years. However, it is still a relatively small operation compared to the UK ICO, which plans to have nearly 700 staff on board and predicts it will need an income of £30m to cover its operations.
Dixon said: “In my view and in the view of the senior management team here the Irish data protection authority was under-resourced relative to the role it was required to play, particularly as the large social media companies began to set up their European headquarters in Ireland. We really don’t bear any resemblance to the authority in 2014 at this point.”
Related stories
Fears grow as ‘millions plan to delete data under GDPR’
Irish boost budget for data regulator over GDPR fears
GDPR compensation to dwarf £30bn bill for PPI claims
Denham seals Treasury pay deal to fight ICO brain drain
GDPR fuels major recruitment drive at UK businesses
Firms face bombardment of data requests under GDPR
Up to 10 million eye GDPR data compensation pay-out
Data compensation claims ‘could run into millions’
Insurance firms face deleting ‘two-thirds of their data’