The fact that data is now regarded as the new oil in the running of a business, and that the exploitation of data is a very lucrative industry, prompted Shannon Chamber to host a seminar on data protection in conjunction with us and the Data Protection Commission.
The purpose of the seminar, which took place in February 2020 and was hosted by EI Electronics, was to make companies aware of:-
- The risks of leaving their systems open to a breach;
- The importance of complying with GDPR procedures;
- The need to induct new employees regarding data protection;
- Ensure that IT systems are kept fully up-to-date at all times; and
- If using third-party IT contractors, that their service contacts are continually reviewed.
Keynote speakers at the seminar included:-
- Michael Murphy, litigation Partner in our Data and Cyber Risk Unit, who specialises in cyber risks, data protection and defence litigation; and
- Garrett O’Neill, head of consultation in the private and financial sector in the Data Protection Commission.
Garret gave very insightful presentations with real-life examples of data breaches and the consequences of such breaches.
Urging attendees to treat personal data almost akin to ‘money’ for data protection purposes, Michael stated that GDPR somewhat requires companies to act as a bank in relation to their customers data with similar obligations in relation to taking up, storing or returning such data.
Giving an insight into cyber-attacks, Michael explained that they can include stealing customer details, raiding online bank accounts, infecting computers and devices with viruses or stealing business information, acquired through phishing (convincing looking fraudulent emails); vishing (impersonating your bank or other organisation and phoning you at home or at work); smishing (similar to vishing but using texts instead); and internet and social media searches (researching your online profile, Michael warned that 94% of phishing emails use commonly recognised infected file attachment such as pdfs, doc, or xls requiring the recipient to click a link, visit a malicious website and/or download an infected attachment which then infects their PC or mobile device).
Advising attendees to conduct a risk assessment of their IT systems, update their policies and procedures, maintain adequate cyber insurance, train their staff, and have a data breach plan in places, Michael stated:
“It only takes one bad day for a breach to occur and they can be from internal or external sources. You cannot afford to be lax.”
Also speaking at the seminar, Garrett reminded attendees of their obligation to report any data breach that might occur within 72 hours, and stated that while data protection does not prohibit the use of new technologies such as artificial intelligence for machine learning, cloud security, or biometrics for fraud detection, companies must undertake a Data Protection Impact Assessment (DPIA) of all such projects
“You must consider how processing such data is likely to result in a high risk to the rights and freedoms of natural persons. If a breach occurs, you must explain how it occurred, what you have done to reduce the risk, what risks occurred, the data affected and the numbers affected by the breach.”
“Fines incurred as a result of a breach are minimal compared to the cost of rectifying the overall cost of a breach. Such costs could have enormous negative consequences for a business. That’s why companies need to understand what’s going on in the background; it’s more important than what you see,” he added.
Commenting on the value of a seminar of this nature to companies, Shannon Chamber CEO Helen Downes said:
“Employers and employees need to understand and realise the crucial role they play in ensuring GDPR compliance within their organisations, particularly employees dealing with personal data. Prevention is better than cure when it comes to GDPR. It’s an essential business requirement and we hope that this seminar helped in some way to reinforce that message.”
This is the first in a series of seminars Shannon Chamber are delivering with Holmes O’Malley Sexton this year. The second workshop, which will take place on Wednesday, 21st May, will focus on risk management in the workplace. The third seminar will focus on corporate governance.
All photos are ©Eamon Ward Photography