GDPR

About the new regulation

The European General Data Protection Regulation (GDPR) replaces the existing Data Protection Directive and comes into force with immediate effect in May 2018.

Organisations are being urged to ready themselves for GDPR without delay. 

Read about our security-focused GDPR Services.


Preparing for the changes

While GDPR suggests security technologies and approaches such as encryption and pseudonymization, it does not offer an exact checklist for technology solutions and technical processes that should be in place to protect personal data under your control.

Engaging a security partner to assist with your GDPR preparations ensures that you get an unbiased, independent review of your current security posture from a team of experts in the information security field who can advise on the best approaches for your business depending on your size and level of risk.

Enhancing your security for GDPR

Our security teams have a proven track record of delivering compliance programmes to our enterprise clients across all verticals and ensure that they make the best use of the people, processes and technologies already in place, in line with any regulation requirements.

Focusing solely on the security articles of GDPR, our services help our clients on their way to GDPR compliance by aligning their processes and systems with information security best practice. Read about our GDPR Services.


FAQ

If the Data Protection Acts apply to your organisation then GDPR will also apply. Both controllers and processors of personal data must comply with GDPR and processors can now also be held accountable for data breaches.

You are a data controller if you are an individual, organisation or corporate body that decides what personal information is going to be kept and the use to which the information will be put. You are a data processor if you process personal data on behalf of a data controller, keeping in mind that processing also includes storing or deleting data.

Personal data is defined as “any information relating to an identified or identifiable natural person.” This includes online identifiers such as IP addresses, location, generic data and cookies if they are capable of being linked back to the data subject.

Audits will be carried out by the local data protection authority, which in Ireland is the Office of the Data Protection Commissioner (ODPC). Organisations may be targeted following a desktop audit by the ODPC, as part of a series of themed audits or possibly as the result of a complaint by an individual. There is some very useful information on recent audits carried out by the ODPC in their annual report for 2016 and more detailed guidance on how audits are carried out by the ODPC.

GDPR Updates

“Data protection laws exist to ensure fair play for everyone in how their identity and personal data is used by big corporations, governments and all sorts of organisations and businesses. The GDPR is a game-changing overhaul of our current data protection laws. It will impact every type of company and organisation regardless of their size and require many of them to take significant action well before May 25th 2018. As of today, we have one year to go before the implementation of the GDPR and the DPC is here to assist companies and organisations understand the steps they need to take on their journey towards GDPR-readiness. Through our engagement with industry and organisations from all sectors, as well as our new website which will be regularly updated with new guidance, our aim is to drive awareness of the new law by providing information and guidance that will assist organisations to be GDPR-compliant by May 2018.”

Helen Dixon, Data Protection Commissioner, 25 May 2017
