New EU laws will give consumers ‘more of a say’ over data

Discussion around GDPR wrongly centres on negatives for businesses, says security expert

New data regulations to be introduced across the European Union next year are being promoted as if they are profoundly negative, when in fact they will enable consumers to reclaim control over their personal information, according to a leading security expert.

Speaking on a recent visit to Dublin, Paul Ducklin, a senior technologist at the security software and hardware firm Sophos, said discussion around General Data Protection Regulation (GDPR), has tended to focus on issues such as bigger fines for companies, rather than highlighting the benefits the legislation will bring for both businesses and the public.

“One disservice that has been done to consumers is that the GDPR focus is on the data breach side of things and the fines associated with it. The reality is that there are 99 articles or subsections in the legislation, of which only three relate to breaches,” said Mr Ducklin.

“The reality though is that it is hard to fault much of the motivation in GDPR because it specifically says that companies will no longer be able to just collect whatever information they want to use as they see fit. You can’t say I’m collecting data and I might find a use for it in 10 years’ time. There has to be a specific reason why it is being collected and GDPR helps set the guidelines on what is appropriate to collect,” he added.



GDPR is the most comprehensive data protection legislation to be passed in the history of the EU. The regulation governs the privacy practices of any company handling citizens’ data. It also requires that public authorities and certain companies processing personal data on a “large scale” must have an independent data protection officer.

Mr Ducklin said that rather than it being a case of “technocrats” telling people how they should live their lives, GDPR was very much a case of the EU putting forward a case that consumers should have more of a say over what happens to their data and in questioning why others might want it in the first place.

He also said GDPR, which comes into effect in May 2018, may pose challenges for businesses but was ultimately something that was of benefit to them because it would force them to take greater care over data.

Mr Ducklin’s comments come as a new survey reveals 77 per cent of Irish consumers plan to take advantage of their new rights when GDPR comes into force.

The study of 1,000 adults, which was commissioned by analytics firm SAS, shows two-thirds of adults welcome the right to access to information stored on them while 66 per cent want the right to erase data. In addition, 63 per cent want the right to rectify information about them if it is inaccurate or incomplete with 62 per cent welcoming the right to restrict processing of personal data.

Meanwhile, new research from Baringa Partners reveals companies risk losing up to 55 per cent of customers in the UK if they suffer a significant personal data leak. Of these, 30 per cent of respondents said they would switch provider immediately upon hearing of a breach.

Charlie Taylor

Charlie Taylor

Charlie Taylor is a former Irish Times business journalist