On Saturday, it is one year since the General Data Protection Regulation (GDPR) came into effect.  

Although we have yet to see the Information Commissioner’s Office (ICO) really flex its new muscle to impose fines of up to €20m (or 4% of turnover – whichever is greater), there are no grounds to be complacent.  

Indeed, in the Republic of Ireland, the Data Protection Commission (DPC) recently announced that a statutory inquiry been commenced in respect of Google Ireland Limited’s processing of personal data in the context of its online Ad Exchange.  The 2018 turnover of Google Ireland Limited was reportedly €32bn.  

The purpose of the DPC’s inquiry is to establish whether processing of personal data carried out at each stage of an advertising transaction is in compliance with the GDPR and specifically the principles of transparency and data minimisation as well as retention.  

This anniversary is therefore as good a time as any to take stock and review your data privacy policy and practice to ensure your continued compliance. 

By Paul Sullivan FRSA

Creating unique, engaging content for your law firm clients