As the companies doing business in Europe are trying to get their arms around the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), but so far not making substantial headways, the European Data Protection Authorities (DPAs) are doing their own GDPR preparation by securing increased budgets and additional workforce.
Last week, the Irish Data Protection Commissioner (DPC), Helen Dixon, has “welcomed” the additional funding of €2.8 million for her office’s 2017 budget, as announced by the Government, bringing the total funding allocation to the DPC to over €7.5 million. The 2017 budget increases are in line with the increases in 2015 and 2016, representing a 59% increase on the 2016 allocation and over four times the €1.9 million provided to the DPC in 2014.
Commenting on the 2017 funding allocation, Helen Dixon stated:
“The additional funding being provided by Government in 2017 will be critical to our preparations for the implementation of the EU General Data Protection Regulation in May 2018. In 2017 we will continue to invest heavily in building our capacity and expertise, including the recruitment of specialist staff, to administer our new enforcement powers and all of our additional responsibilities under the new law.
The functions and responsibilities of the DPC, as the national supervisory body, are being fundamentally redrawn and expanded by EU General Data Protection Regulation. I therefore very much welcome the public commitment of the Minister for Data Protection to keep the resourcing of my office under review so that I continue to have all of the necessary resources to fulfil my statutory functions. Ongoing resourcing of the DPC is critical to the effective regulation of data protection compliance, safeguarding individual data protection rights and enabling business and innovative enterprise to expand and develop in data protection compliant manner.”
The increases in the DPC’s staffing are keeping up with the increases in its budget. The DPC more than doubled its staff since 2014 to almost 60 professionals, including legal, technical, and investigative experts. The DPC plans to use some of the 2017 funding allocation to nearly double its staff again, bringing the number of its employees to around 100.
These funding and staffing increases will undoubtedly result in increased investigations and scrutiny of companies’ compliance with the European data protection laws. Although the GDPR does not become effective until May 2018, the complexity of the changes it will bring and the hefty fines contemplated by it will require the companies to put serious efforts into their own GDPR preparation.