Data commissioner to look for more staff and funding

Office has enhanced role under GDPR as main regulator in EU for tech giants like Facebook

Data protection commissioner Helen Dixon who spoke at the American Chamber of Commerce Ireland’s US-Ireland business conference. Photograph: Dara Mac Dónaill/The Irish Times

Data protection commissioner Helen Dixon who spoke at the American Chamber of Commerce Ireland’s US-Ireland business conference. Photograph: Dara Mac Dónaill/The Irish Times

 

The Republic’s data protection commissioner expects to have to seek additional funding anbd staff for 2020 given its role in regulating technology companies located in the European Union.

Speaking at the American Chamber of Commerce Ireland’s US-Ireland business conference, Helen Dixon said when she took over as commissioner the commission had about 26 staff, “we now have 133 today, we’re recruiting another 30 this year and we anticipate we’ll be seeking additional budget for next year”.

The commission has increased responsibility given the introduction of the General Data Protection Regulation (GDPR) which effectively introduced a one stop shop for multinational companies. It meant that the companies deal with the regulator in the European member state in which they have their main office. The regulator in Ireland is the main regulator across europe for companies including Facebook, Microsoft and Google.

James O’Connor, the managing director of Microsoft’s international operations, noted that at least one third of the European Union’s data is being managed out of Ireland as a result of both the companies based here and data centres located in the country.

In the year to the end of May 2018, the Data Protection Commission found a “massive increase” in the number of complaints lodged, Ms Dixon said. She found that in the roughly 4,000 data breaches reported, human error played a significant part. The regulator has opened statutory enquiries in 48 cases.

Asked about the impact of Brexit on the movement of data. Ms Dixon said that if there’s a withdrawal agreement, there’ll be “data free flows” until 2020. If there’s a no deal, however, the UK becomes a third country for data purposes. That means that any Irish company transferring data to the UK or Northern Ireland would have to have additional safeguards.

Ms Dixon gave the example of the GAA or An Garda Síochána and companies where payroll functions are outsourced to other entities located outside the Republic.

“There will be resourcing cost implications for sure,” Ms Dixon said.