Understanding what’s changing under GDPR

Consent will remain a basis for processing personal data - but there will be stricter rules around its use, says data protection consultant

21st June, 2017
Fintan Swanton of Cygnus Consulting Ltd

What's your name?

Fintan Swanton.

What position do you hold?

Senior data protection consultant and MD at Cygnus Consulting Ltd

How long have you held the position?

17 years

What are your day to day responsibilities?

Providing data protection consultancy and advice to clients such as conducting data protection audits, managing data breaches, or carrying out privacy impact assessments.

We provide data protection training in-house for clients and also offer public presentations of data protection courses in collaboration with the Irish Computer Society and the Institute of Public Administration.

What is your professional background?

I’ve been an ICT professional for thirty years and have worked in software engineering, database administration and service delivery.

For the last seven years, my main area of work has been data protection compliance. With my background, my aim is to equip clients to apply data protection rules in a practical, pragmatic, and effective way in course of their day-to-day operations.

I’m a certified data protection practitioner, certified information systems auditor, chartered engineer and chartered IT professional. I’ve an MSc degree in computing and I’m currently working towards a Master of Laws (LLM) degree, focussing on data protection law.

Tell me about yourself away from work?

I live with my family in what the Irish Times tells us is the 'Best Place to Live in Ireland' - Westport, Co Mayo.

Tell us something very few people know about you?

I’m group leader of Westport scout group and at the moment I’m helping out our national body, Scouting Ireland, with its data protection compliance.

You are speaking at our GDPR Summit in September. What are you speaking about?

'Managing Consent: Understanding what’s changing under GDPR.' Consent will remain a valid basis for the processing of personal data, but there will be more stringent rules around its use. For example, “opt-out” consent will no longer be considered valid and there will more specific provisions around the reliance on consent from minors.

What challenges do you see for organisations implementing the new regulations?

Up to now, a lot of Irish organisations have taken a fairly relaxed approach to data protection compliance, because the perceived consequences for getting it wrong were not great. This is going to be the biggest challenge - changing often inadequate and casual organisational culture as it relates to privacy and data protection matters.

A lot of emphasis has been laid on the much larger financial penalties provided for in the GDPR. To my mind, a more significant consideration is the much greater range of infringements which will be subject to penalties than at present, thus creating much greater compliance risks for organisations.

To take just one example, failure to properly secure personal data is not an offence under the Data Protection Acts and therefore no direct financial penalty can at present be imposed for a data breach. This will no longer be the case after next May.

Senior data protection consultant and MD at Cygnus Consulting Ltd, Fintan Swanton, will be appearing at the GDPR Summit on Tuesday, September 12 at Croke Park, Dublin. Make sure your business is ready for this important legislation with GDPR17.com.

Share this post

Related Stories

Tom Maguire: Tax changes we make now could help business for years

More Business Tom Maguire 10 months ago

The Daily Briefing

The Daily Briefing