8 monthsone week 18 hours

GDPR

About the new regulation

The European General Data Protection Regulation (GDPR) replaces the existing Data Protection Directive and comes into force with immediate effect in May 2018. This Regulation applies to data controllers or data processors that keep or process any information about living people referred to as data subjects. If you are presently required to comply with the Data Protection Acts (DPA) then GDPR will also apply.

About the new regulation
Preparing for the changes

Preparing for the changes

The ODPC in Ireland has urged organisations to begin preparing for GDPR without delay and to carry out a review of all current and envisaged processing activity. This is complemented by guidance from other supervisory bodies. 

While GDPR suggests security technologies and approaches such as encryption and pseudonymization, it does not offer an exact checklist for technology solutions and technical processes that should be in place to protect personal data under your control.

Enhancing your security for GDPR

Engaging a security partner to assist with your GDPR preparations ensures that you get an unbiased, independent review of your current security posture from a team of experts in the information security field who can advise on the best approaches for your business depending on your size and level of risk.

Our security teams have a proven track record of delivering compliance programmes to our enterprise clients across all verticals and ensure that they make the best use of the people, processes and technologies already in place, in line with any regulation requirements. Read about our GDPR Services.

Enhancing your security for GDPR

FAQ

If the Data Protection Acts apply to your organisation then GDPR will also apply. Both controllers and processors of personal data must comply with GDPR and processors can now also be held accountable for data breaches.

You are a data controller if you are an individual, organisation or corporate body that decides what personal information is going to be kept and the use to which the information will be put.You are a data processor if you process personal data on behalf of a data controller keeping in mind that processing also includes storing or deleting data.

Personal data is defined as “any information relating to an identified or identifiable natural person.” This includes online identifiers such as IP addresses, location, generic data and cookies if they are capable of being linked back to the data subject.

Audits will be carried out by the local data protection authority which in Ireland is the Office of the Data Protection Commissioner (ODPC). Organisations may be targeted following a desktop audit by the ODPC, as part of a series of themed audits or possibly as the result of a complaint by an individual.There is some very useful information on recent audits carried out by the ODPC in their annual report for 2016 and more detailed guidance on how audits are carried out by the ODPC.

GDPR Updates

“Data protection laws exist to ensure fair play for everyone in how their identity and personal data is used by big corporations, governments and all sorts of organisations and businesses. The GDPR is a game- changing overhaul of our current data protection laws. It will impact every type of company and organisation regardless of their size and require many of them to take significant action well before May 25th 2018. As of today, we have one year to go before the implementation of the GDPR and the DPC is here to assist companies and organisations understand the steps they need to take on their journey towards GDPR-readiness. Through our engagement with industry and organisations from all sectors, as well as our new website which will be regularly updated with new guidance, our aim is to drive awareness of the new law by providing information and guidance that will assist organisations to be GDPR-compliant by May 2018."

Helen Dixon, Data Protection Commissioner, 25 May 2017

Talk To A GDPR Advisor We have a team of GDPR and privacy experts available to advise you on GDPR compliance.