Enforcement of GDPR in Ireland undermined by delays to IT project
The Data Protection Commission’s (DPC) ability to enforce GDPR rules in Ireland has been undermined by years-long delays to a crucial IT project, privacy campaigners have warned.
Documents obtained by the Irish Council for Civil Liberties (ICCL) under the Freedom of Information Act show that the watchdog continues to use Lotus Notes five years after announcing plans to adopt a new system.
A former DPC employee reportedly told ICCL that using Lotus Notes to organise and handle complicated GDPR complaints handling and investigations is “like trying to run your payroll system with an abacus”.
The DPC has spent at least €615,121 on its major internal ICT project, which it originally hoped would be completed by the introduction of GDPR in May 2018. It expects to spend another €450,000 on the project in 2021.
Dr Johnny Ryan, an ICCL Senior Fellow, said: “The GDPR gives Ireland a central role in protecting data rights across the entire European Union, monitoring how Google, Facebook, and others use our data. But the DPC is not configured for its digital mission.
“What we have discovered indicates that it cannot run critically important internal technology projects. How can it be expected to monitor what the world’s biggest tech firms do with our data?
“This raises serious questions not only for the DPC, but for the Irish government. We have alerted the Irish government of the strategic economic risk from failing to enforce the GDPR.”