Ladies and gentlemen.
As Minister for Data Protection, I am delighted to have the opportunity to speak to you here today. Go raibh míle maith agaibh le haghaidh an cuireadh agus tá fáilte roimh go léir.
To begin, let me thank Peter Carey from PDP for the invitation to speak here today and to thank ROB/COLIN for their kind introduction.
I am delighted to hear that the conference has been fully booked out for some time now, which is a reflection of the increasing awareness of the importance of data protection across our organisations.
It also reflects the quality of the programmes that PDP puts together for such events. Almost a year ago to the day, I spoke at PDP’s 2015 conference, and reflected on an eventful previous 12 months in the area of data protection.
I think that I would be very much justified in making the same statement here today. As we all well know, it has been an extremely busy and eventful year for those of us working in data protection.
The past 12 months has seen the approval of the European General Data Protection Regulation (GDPR) and agreement on the EU-US Privacy Shield that allows for the transfer of data from the EU to the US.
Recent events in the UK and US will also impact on us.
I know you will be hearing from leading experts on the GDPR over the next two days so I don’t propose to go into great detail with you here.
However it is worth highlighting that these and other developments have implications for how we as Government do our business and so today, I will touch on some of the progress that we are making.
General Data Protection Regulation
We know that the new General Data Protection Regulation brings significant changes and challenges for us all. As evidenced by the numbers here today, it is clear that not only do Irish business and organisations know that the Regulation is coming but that you are being proactive in your preparations.
I had the great pleasure of meeting with Commissioner Jourova in Dublin last week, the European Commissioner whose brief includes data protection. She is visiting member states at the moment to discuss progress being made in preparing for the GDPR.
While in Dublin, she also met with industry and trade bodies and she was particularly struck by the quality of the discussions and the level of preparedness among Irish companies. Overall, the Commissioner was very positive about just how advanced Ireland is on this agenda.
We are not taking a wait and see approach – Irish organisations are preparing for the Regulation and you as professionals and leaders in the field are driving this work.
I am particularly glad to see the cooperative attitude being shown by business and industry in relation to GDPR preparations. Many of the trade bodies and large companies have offered to work with Government and the Commissioner’s Office to help spread the word, and to ensure that SMEs in particular are given all the necessary support to allow them comply with the Regulation.
However we should not be complacent. There is significant work needed to ensure that we are all ready to meet the challenges of the GDPR, and looking at the line-up of experts here today and tomorrow, you will all certainly be much wiser leaving here after the two days.
I am very aware that new Regulation brings new obligations for the public sector, over and above those for private sector companies. As major collectors and users of personal data, it is critical that the public sector is at the forefront of excellence in data protection.
Both the Data Protection Unit in my Department and senior officials in the Department of Justice are working to ensure that Government departments and their agencies are ready for 25 May 2018, working through the Inter-Departmental Committee on Data Issues, which I chair, and which is the key vehicle for these preparations and ensuring a consistent approach across the public sector.
We are also working to prepare the relevant enacting legislation. As you know, as a Regulation, the GDPR has direct effect; but there are a number of areas where there is scope for Member States to act independently, including the much talked about ‘digital age of consent.’
You may have seen from its website that the Department of Justice is currently engaged in a public consultation on this issue and I would encourage any of you with an interest in the area to make submissions on this very important issue.
A key issue for organisations that operate across more than one EU member state is the desire for a common understanding of what the GDPR means for us.
A message that I consistently hear is that business does not want light touch regulation. What is wanted is clarity. And clarity and consistency across all member states.
For the EU as a whole to be competitive and attract international investment, we need to have the Regulation applied in the same pragmatic manner across the Union.
Both the Departments of the Taoiseach and Justice, as well as the Commissioner’s Office are actively participating in a number of groups and projects at the European level to support consistency in how the GDPR is interpreted and applied across the EU.
Commissioner Jourova particularly commented on this aspect last week, recognising the leadership role that Ireland is playing at EU level.
The Government Data Forum, which brings together experts from industry, civil society and academia and advises Government on all data-related matters, has also had the GDPR on its agenda for all of its meetings to date, and will be imputing into national legislation.
Office of the Data Protection Commissioner
As the GDPR strengthens the rights of users and citizens while increasing obligations on data controllers, we see the Office of the Data Protection Commissioner take on an ever increasingly important role.
This is particularly so in the context of the One Stop Shop and the European Data Protection Board which will establish the Irish regulator as lead authority for companies with a main establishment in Ireland.
My Department has been working closely with Helen, as well as the Departments of Justice and Public Expenditure, to ensure that her office is adequately resourced to deal with the additional workload that the GDPR will bring.
I am very happy to report that last month’s budget has seen the funding for the Commissioner’s Office increase fourfold to €7.5m over the 2014 figure.
And by the end of this year alone, the number employed by the Office will have more than doubled from the 2014 figure and is set to increase significantly again next year.
This investment is about more than just numbers; it is enabling the Commissioner to recruit the kind of expertise and skills that are central to her Office being able to fulfil its role.
I visited Helen’s office last week and was delighted to meet her, her four Deputy Commissioners and many of her team. I also met the team of technology experts that work with multi-national companies, and while Helen may reference this too, it’s worth making the point that the Irish Commissioner is unique among her peers across the EU in having such an expert resource.
This ongoing increase in funding and staffing is complemented by the Commissioner’s new office on Fitzwilliam Square.
And while these increases have been most welcome, we are not finished yet. We will continue to ensure that Ireland continues to have a modern, well-funded Data Protection Commissioner.
Helen herself will no doubt outline the impacts of this increased investment and her Office’s priorities for the year ahead in more detail.
But I think we can all agree that a strong, independent and credible regulator is at the heart of having an effective data protection regime.
And we are not the only ones who think this. A recent survey of 200 companies undertaken by Forbes on behalf of William Fry demonstrates the high regard in which our data privacy regulatory regime is held internationally. 82% of the 200 companies questioned rated the Irish data protection regulatory climate as ‘good to excellent’.
This is excellent news for Ireland and as the report states, is ‘a very strong indicator of a firm but fair regime that strikes the right balance between businesses and individuals.’
We are entering into a period of uncertainty in the EU and the increasing recognition of Ireland’s data protection regime as being pragmatic and fair will serve us well in this new environment.
Data/Digital Single Market
And I don’t think it is possible to overstate the importance of investing in our data protection regime.
Digital technologies are pervasive in our everyday lives, and each and every day sees new technological advances and applications that impact how we go about our daily business.
Personal data is intrinsic to how these technologies work to deliver the services and products that we all want and need.
And at the same time, digital technologies offer enormous potential both for society and the economy.
At the heart of harnessing this potential is a strong and clear data protection framework that citizens can trust and have confidence in.
And in my work as Minister for the Digital Single Market and EU Affairs, I see on a daily basis just how important a trusted and robust data protection regime is in underpinning our objectives to grow the economy and improve the lives of European citizens. It is not just a nice to have – it is a central part of our infrastructure.
Trust is key to developing this digital market. Survey after survey shows that people want the conveniences and advantages that digital technology brings but will only engage if they can fully trust it.
In order for us to realise the full potential of the digital economy, we need to improve this trust. And we can improve this trust.
But we can only do it by working for it, by having a robust data protection regime and by creating greater understanding and awareness.
Taking the discussion wider – Data Summit
But I think I may be preaching to the converted on this point here today.
What we need to do is expand this discussion beyond those of us directly involved in data protection. Not only within our own companies and organisations but to the population more widely.
We need to begin a conversation about the role of data in modern society, and what that means for us as both citizens and users of data services.
And we need to include those citizens and users in this conversation. As Minister for Data Protection, I am committed to leading this discussion.
As part of its work, the Government Data Forum will be holding a two day flagship international Data Summit next May, when we will be one year out from the GDPR coming into effect.
The objectives of the Summit are to:
o Stimulate an inclusive discussion across society on the role of data in modern society;
o Promote greater awareness of individuals’ data protection rights; and
o Promote Ireland as a thought leader in the area of data/data protection.
The GDPR will, of course, form a core element of the event.
It is hoped that the Summit will help to bring a greater balance to conversations about the use of data, and contribute to a better understanding of the role of data in modern society.
It will also showcase good use examples of data across both the public and private sectors.
We aim to attract key international speakers and we will be targeting a wide audience from across enterprise, the public sector, academia, civil society and the general public.
I hope to see many of you at this Summit, and that through the Data Forum, your sector will have the opportunity to contribute to the programme.
In closing, I would like to thank you for having me here today.
I hope you have a very interesting and enjoyable two days.
And I would encourage you all to make the most of the opportunities that this conference provides in terms of sharing information and best practice with your colleagues.
It is important for us all to take time away from our day-to-day work and allow ourselves the opportunity to think about the important challenges facing us.
I will be staying on for the Q&A session and am happy to take any questions.
Go raibh míle maith agaibh.