In 1980 the OECD published Privacy Guidelines. I was in school. Following the publication, the EC started its journey to regulate the privacy of personal data which culminated in the General Data Protection Regulation in 2016. I grew up, learned about the value of privacy to others (and myself), the value of the GDPR and the risks that it poses to small and medium countries.

The EC’s first step was the Convention for the Protection of Individuals with regards to Automatic Processing of Personal Data which resulted in the first Irish Data Protection Act in 1988.

I was learning about privacy in more practical ways. On the farm, we grew potatoes and sold them from the yard, through local shops and distributors. While at school, I helped in a local credit union branch. The credit union opened for an about hour on a Saturday evening. It provided savings and loans facilities for the local area. These commercial operations teach you how people value their privacy and why.

Collecting and securing data was a fundamental part of my first job after college. I was developing software to assist financial services sales executives in quoting their customers. The software collected the details of the customers and calculated the appropriate quote.

The EU’s data protection regime continued to develop through the nineties, and the Data Protection Directive was published in 1995 and transposed into Irish law in the Data Protection Act 2003.

The advent of the world wide web and the technology boom at the end of the century contributed to increased collection and storage of data by companies. It also allowed people to publish their websites. I published my first website in the early years of this century.

The invention of the social networks made it easy to publish information, much of it personal information. They shared it with your friends, and also, frequently, with the world. Perhaps all this sharing means that privacy is dead and will live in a transparent utopia. Would the world be a panopticon, or would the rights to privacy and protection of our data by sustained?

Consider the risk that a wild night might cost you a future job even if the hiring manager had their own, not as well documented, wild night. While a completely transparent society might be utopian, the change required to achieve such a world would be too painful for too many people. Privacy is not dead.

In 2016 the EU’s next iteration arrived, the General Data Protection Regulation. The regulation aims to provide a consistent approach to data protection across all of the EU as a principal enabler for the single digital marketplace.

The regulation supports the principles of Privacy by Design to ensure that personal data is collected and used in the interests of the data subject and provides the data subjects with rights so that they can ensure that companies correctly steward their data.

Two years later, the first review on the implementation of GDPR is due for publication shortly.

GDPR has had an impact on data privacy across the world, and there is a general acceptance that data privacy is a good thing and should be protected. People are becoming increasingly aware of the value of their data, both to themselves and companies. They will become more willing to assert their rights and hold companies to account.

As the EU published the GDPR, in 2016, I started a full time MBA and decided to focus on the impact of data protection on small and startup companies for my thesis. Modern technologies enable, and often, require, the collection of personal data. With the ease of data collection, awareness by the data subject of their rights and a drive towards using digital technologies there is a risk for small and medium-sized companies that they do not appropriately control the risks related to data protection.

Jerus Data Protection Limited was founded in 2018 to help SMEs to establish and maintain data protection programmes. These programmes help them to manage data protection risks and demonstrate accountability to their customers (and the Data Protection Commission if necessary).