What every director needs to know about data protection

Company directors and data protection – do you know your duties? If you are a company director, you need to have a deep understanding of how your organisation handles its data. 

In this panel discussion, Claire Morrissey, a partner and head of the data, commercial and technology practice at the Maples and Calder law firm, discusses why directors and board members must be well informed about data protection and the risks associated with data. 

Topics for discussion include: 

  • How a director finds out if their organisation is GDPR compliant. Investing in, protecting and exploiting data is a key priority for all businesses. As a director, you need to understand the role data plays in your business and what your responsibilities are in relation to that data.
  • The questions directors should ask their executive team when it comes to data protection. Directors’ general governance duties apply when it comes to data protection. Under Irish company law, these are known as fiduciary duties.
  • Why the data protection officer (DPO) needs a clear reporting line to the board and the chair. 
  • The kind of education a director requires when it comes to the GDPR. What looks like data protection compliance for one business may be entirely different for another business.
  • Why DPOs need independence and freedom to report to the board and the importance of ongoing compliance.
  • Why boards need to exercise oversight as to how the business processes data. 
  • The difference between a company’s non-compliance and a director’s non-compliance under the GDPR. 
  • The dos and don’ts for directors when it comes to the GDPR and the biggest data protection risks for organisations.
  • Examples of companies prosecuted for data breaches under the GDPR. What kind of enforcement action have we seen by the Data Protection Commission and other EU regulators since May 2018?
  • Why corporates, as well as individual directors, can be convicted for GDPR breaches. From January 2020 to January 2021, EU data protection authorities imposed fines of €158.5m on non-compliant firms.
  • The number of risks facing businesses if they encounter a data breach, including regulatory fines, reputational damage, litigation and claims from individuals, as well as the business interruption risk.

Company directors and data protection – about Claire Morrissey

Claire Morrissey is a partner and head of the data, commercial and technology practice at Maples and Calder, the Maples Group’s law firm in Dublin. 

Claire advises on data, digital, cyber and technology across all sectors, including emerging technologies such as AI and IoT. She has a particular focus on GDPR compliance and investigations, emerging technologies and complex sourcing projects.  

Claire also advises on commercial contracts, outsourcing and technology, IP and data aspects of joint ventures and mergers and acquisitions. 

Claire was also the only Irish lawyer to be listed in the prestigious ‘40 under 40’ 2018 Global Data Review.