Irish DPC Helen Dixon on GDPR Enforcement Hurdles One Year In

When will Ireland bring its first corporate GDPR action? The first year of the much-anticipated GDPR has brought tepid enforcement, with the highest-profile regulator still working on the dozens of large-scale investigations it has opened. The Cybersecurity Law Report spoke with Ireland’s Data Protection Commissioner Helen Dixon about the timeline of investigations, her enforcement approach, lessons she has learned and why the €50‑million fine against Google was levied in France and not Ireland. We also share insights from U.K. and Austrian regulators who spoke at the recent IAPP Global Privacy Summit conference on the roles of their agencies. In a companion article, we will discuss Dixon’s experiences so far with breach notification, her insight on private rights of action, her agency’s examination of the role of the DPO and her advice for the U.S. Congress as it considers implementing a federal privacy law. See our three-part series on GDPR essentials for the financial sector: “Benchmarking and Assessing the Risks” (Jul. 11, 2018); “Compliance Steps” (Jul. 18, 2018); and “Staying Compliant and Special Challenges” (Jul. 25, 2018).

To read the full article

Continue reading your article with a CSLR subscription.