General Data Protection Regulations (GDPR)

The GDPR is coming on the 28th of May 2018. Are you ready?

Are you a business or company that retains data or information in relation to your clients or customers?

Any service provider that retains, holds, or processes personal data in relation to its clients needs to be very aware of the General Data Protection Regulations due to be in place on the 28th of May 2018. The requirements placed on the processing of personal data have now been considerably expanded, and potentially very serious fines, linked to your company's turnover, could mean greater exposure for your company or business.

Some of the key requirements under the new General Data Protection Regulations are as follows:

  1. Personal Data – There is an extended definition of personal data which includes direct and indirect identification of the data subject.

  2. Accountability – There is a new mandatory accountability culture requiring privacy management activities and record keeping with enforcement policies.

  3. Expanded Personal Privacy Rights – Data subjects have additional rights of access to their personal data, and additional rights in relation to notice, consent, portability and profiling.

  4. Data Protection Officer – In certain circumstances a company or business is required to have an assigned and empowered Data Protection Officer with the role and responsibility of compliance with the data protection regulations in relation to data subjects.

  5. Breach Notification Applications – If a breach occurs within your business or company, you are required to notify the Data Protection Commissioner within 72 hours of identification.

  6. Privacy Impact Assessments – These will be required as part of your in-house practices and policies. This will require regular testing, assessment, and evaluation of the effectiveness of technical and organisational measures.

  7. Cross Border Transfer – There will be requirements to know all your data processors that are handling personal data within the E.U. Also, with the advent of Brexit, data transferred outside this jurisdiction to the jurisdiction of Northern Ireland or Britain may be subject to very specific requirements.

  8. Privacy by Design and Default – You will be required to have embedded privacy-related technical and organisational measures in place in order to deal with data protection compliance.

For further information, please contact Carter Anhold Data Protection Solicitors Dublin & Sligo.