Issues surrounding cyber security and data protection are becoming much more central for businesses in Ireland today. Cyber-attacks are becoming increasingly sophisticated and their fallout can be catastrophic for many businesses. Banks and other financial institutions have been traditional targets for these attacks but now many more types of businesses are being targeted by nefarious attackers.
In light of these developments, cyber security and data protection legislation has been implemented which places obligations on businesses to protect their clients and customers. There is also an ongoing gap between the speed of technological developments and the speed at which regulation catches up. As a result, it is important that businesses take a proactive approach in implementing policies to protect their interests even where the law develops.
It is vital that companies are aware of existing regulations and ongoing developments and are advised on how best to implement policies that will protect their business. It is also important to note that businesses may be exposed to significant civil liabilities if a failure to implement sufficient policies leads to losses to a client or customer due to cybercrime.
Data Protection is a particularly important area in Cyber Security due to the potentially enormous value of client and customer data. The General Data Protection Regulation (GDPR) became law in Ireland on 25 May 2018 and is one of the regulatory frameworks that all businesses that handle data should be aware of.
The Office of the Data Protection Commissioner has highlighted eight rules for business which can be summarised as follows:
- Data controllers must collect and process data in a fair manner.
- Data must be retained for lawful purposes only.
- It must be processed in line with the reasons it was collected.
- Data controllers must ensure data is kept in a secure manner.
- They must ensure data is accurate.
- They must ensure information kept is relevant and that excessive data is not held.
- Data must be held for no longer than necessary.
- Individuals must be provided with copies of their personal data if requested.
For many businesses it is difficult to interpret how these rules should be implemented, and Augustus Cullen Law can advise on policies to assist businesses in complying with GDPR and protecting their clients’ data.
Cyber Security standards for businesses in Ireland
The Network and Information Security Directive or Cyber Security Directive and the Cyber Security Act 2019 are important parts of EU legislation that concern protection from cybercrime. The former piece of legislation was transposed in Ireland in September 2018 and the latter continues to be implemented in Irish law through various acts and regulations.
These acts are vital for businesses such as digital service providers as they place a number of notification and security obligations on them. This new framework for cyber security also standardises ICT security certification to ensure that businesses can have full faith in the systems they use. Businesses in these areas should seek advice on ensuring their products are compliant with the act to avoid penalties that the acts allow for.
Other important legislation around Cyber Security that is yet to be enacted includes:
- The Criminal Justice (Offences Relating to Information Systems) Act 2017, which strengthens a number of areas of domestic law to protect businesses and individuals from cybercrime.
- The Communications (Retention of Data) Bill, which will repeal the 2011 Communications (Retention of Data) Act and will be important legislation for telecommunications businesses.
- The Online Safety and Media Regulation Bill, which will place obligations on a wide range of businesses to protect users from harmful audio-visual content.
For more information on how ACL can assist you in ensuring robust data protection and cybersecurity policies to protect your business, you can contact firstname.lastname@example.org or email@example.com.
16 April 2020