Fáilte o Bhaile Átha Cliath – Greetings from Dublin!

On 11 May, privacy professionals and representatives from European small and medium-sized enterprises met in Dublin to discuss data protection compliance. This was the first in-person conference hosted by the Irish Data Protection Commission since COVID-19 began in 2020. SMEs are the backbone of Europe's economy and represent 99% of all businesses in the EU. They employ around 100 million people and account for more than half of Europe's GDP. They also collect and process a huge amount of personal data.

Irish Data Protection Commissioner Helen Dixon and Croatian Data Protection Authority Deputy Director Igor Vulje explained this conference was a continuation of a European stakeholder forum in 2020 where attendees identified a need to focus on the SME community, raise awareness of the EU General Data Protection Regulation and provide training and resources to help SMEs improve compliance. An initiative between the Croatian and Irish DPAs commenced as part of a wider SME project.

Dixon noted that four years on from the GDPR, it is almost a full-time job for organizations to keep up with new data protection regulations, decisions and guidance, which can seem overwhelming. She said the DPC identified basic issues that continued to trip up organizations, including the need to raise awareness among all staff on data protection basics and provide more detailed training for staff who manage data protection issues.

She noted the importance of staff being able to recognize a data subject request, a personal data breach and whether to report it, and the obligation to appoint a DPO, amongst other compliance requirements. Vulje highlighted the importance of trust between SMEs and their customers and employees. Indeed, "trust is the new gold" became the catchphrase of the day.

I was delighted to moderate and speak at a panel session on "The Lived Experience of SME Compliance" with DPC Deputy Commissioner and Head of Corporate Affairs, Media and Communications Graham Doyle, Griffith College Dublin Head of Marketing Steven Roberts and Future of Privacy Forum Managing Director for Europe Rob van Eijk. We discussed compliance challenges faced by SMEs and identified resources that could help them meet those challenges. The day continued with workshops on legal bases for processing personal data, led by one of IAPP's KnowledgeNet co-chairs Colin Rooney and Isabel Cooke from law firm Arthur Cox. A fireside chat between the DPC's Colum Walsh, TikTok's Caroline Goulding and Google's William Malcolm discussed the accountability challenge presented by the GDPR. The day concluded with a workshop on data breaches, risk assessments and mitigations — all considered through the lens of an SME.

The DPC announced ongoing workshops for SMEs will be rolled out over the next 12 months that will help SMEs continue to develop their skills. By helping SMEs achieve a better understanding of the need for compliance with the GDPR and providing them with needed resources, the outcomes for data subjects will, no doubt, improve.