There is some controversy surrounding the Data Safety Bill 2018, which has just been submitted to the Irish Parliament. The Data Safety Bill is proposed to include General Data Protection Regulation (GDPR) into Irish law. Nevertheless, there has been concern about the way the Bill tackles the issue of fines for defiance.
Once GDPR turns into law all over Europe, on 25 May 2018, companies and organizations can face inflated penalties if they do not conform. The maximum penalty for non-compliance is 20 million Euros, or 4% of the yearly transaction, whichever is more. In Ireland, the Data Protection Bill which is going to be debated by Parliament states that government organizations are omitted from these fines unless they act in direct rivalry with a private company
Worries of the Data Protection Administrator
When it was first proposed that government organizations would be immune from fines, last year, the Data Safety Commissioner, Helen Dixon voiced her concerns. She stressed that the fines were in place to prevent organizations from potential defiance and specified that definitely, this was vital in government organizations, where most people anticipated a higher level of data safety compared to in private firms. Regardless of these concerns being mentioned, the Bill still refers to the point that fines won’t be levied on government organizations.
However, this might not be the conclusion of the story. When he was questioned concerning the debatable inclusion of the exclusion in the Law, Justice Charlie Flanagan said that the Parliament is yet to debate the Bill. For that reason, is it still likely that alterations will be made?
Whatever takes place in Parliament, and whatever the Bill says, Justice Flanagan also made it obvious that all government organizations will be supposed to abide by GDPR; in fact, they will be supposed to act like a role model for others. Right now, it doesn’t seem as though there will be any fiscal repercussions for government organizations that do accomplish these expectations.