DATA, the new OIL of a business, needs to be protected from unforeseen breaches

Pictured at the GDPR seminar, organised by Shannon Chamber in conjunction with Holmes O’Malley Sexton and hosted by Ei Electronics (from left): Helen Downes, Shannon Chamber; Michael Murphy, Holmes O’Malley Sexton; Garrett O’Neill, Data Protection Commission; and Peter Murphy, Ei Electronics. Photo: Eamon Ward.

 

The fact that data is now regarded as the new oil in the running of a business and that the exploitation of data is a very lucrative business prompted Shannon Chamber to host a seminar on data protection in conjunction with Holmes O’Malley Sexton (HOMS) solicitors and the Data Protection Commission, hosted by Ei Electronics at their Centre of Excellence, Shannon Free Zone.

The purpose of the seminar was to make companies aware of the risks of leaving their systems open to a breach, the importance of complying with GDPR procedures, the need to induct new employees regarding data protection, ensure that IT systems are kept fully up-to-date at all times and, if using third-party IT contractors, that their service contacts are continually reviewed.

Keynote speakers at the seminar, Michael Murphy, partner, HOMS litigation department, who specialises in cyber risks, data protection and defence litigation and Garrett O’Neill, head of consultation in the private and financial sector in the Data Protection Commission, gave very insightful presentations with real-life examples of data breaches and the consequences of such breaches.

Urging attendees to treat personal data almost akin to ‘money’ for data protection purposes, Mr Murphy stated that GDPR somewhat requires companies to act as a bank in relation to their customers data with similar obligations in relation to taking up, storing or returning such data.

Giving an insight into cyber-attacks, Mr Murphy explained that they can include stealing customer details, raiding online bank accounts, infecting computers and devices with viruses or stealing business information, acquired through phishing (convincing looking fraudulent emails); vishing (impersonating your bank or other organisation and phoning you at home or at work); smishing (similar to vishing but using texts instead); and internet and social media searches (researching your online profile), Mr Murphy warned that 94% of phishing emails use commonly recognised infected file attachment such as pdfs, doc or xls requiring the recipient to click a link, visit a malicious website and/or download an infected attachment which then infects their PC or mobile device.

Advising attendees to conduct a risk assessment of their IT systems, update their policies and procedures, maintain adequate cyber insurance, train their staff, and have a data breach plan in place, Mr Murphy stated: “It only takes one bad day for a breach to occur and they can be from internal or external sources. You cannot afford to be lax,” he added.

Also speaking at the seminar, Garrett O’Neill, head of consultation in the private and financial sector with the Data Protection Commission reminded attendees of their obligation to report any data breach that might occur within 72 hours and stated that, while data protection does not prohibit the use of new technologies such as artificial intelligence for machine learning, cloud security, or biometrics for fraud detection, companies must undertake a Data Protection Impact Assessment (DPIA) of all such projects

“You must consider how processing such data is likely to result in a high risk to the rights and freedoms of natural persons. If a breach occurs, you must explain how it occurred, what you have done to reduce the risk, what risks occurred, the data affected and the numbers affected by the breach.

“Fines incurred as a result of a breach are minimal compared to the cost of rectifying the overall cost of a breach. Such costs could have enormous negative consequences for a business. That’s why companies need to understand what’s going on in the background; it’s more important than what you see,” he added.

Commenting on the value of a seminar of this nature to companies, Shannon Chamber CEO Helen Downes said: “Employers and employees need to understand and realise the crucial role they play in ensuring GDPR compliance within their organisations, particularly employees dealing with personal data. Prevention is better than cure when it comes to GDPR. It’s an essential business requirement and we hope that this seminar helped in some way to  reinforce that message.

“This is the first in series of seminars we are delivering with Holmes O’Malley Sexton this year. The second workshop, which will take place on Wednesday, 21 May, will focus on risk management in the workplace. The third seminar will focus on corporate governance.”