Gdpr services Galway

Do not ignore the new General Data Protection Regulations

With technology having transformed our lives in a manner that no one could have envisaged, a complete review was required on how to protect people’s personal data. GDPR replaces the 1995 Directive, which was adopted at a time when Social Media and The Internet were only developing. GDPR is now recognised as law across the European Union and every member state has to have documented policies and procedures in place so as to be compliant with GDPR’s Six Personal Data Principles, where personal data must be:

• Processed lawfully, fairly and transparently
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary
• Accurate and up to date where necessary
• Kept for no longer that is necessary, where data subjects are identifiable
• Processed securely and protected against accidental loss, destruction or damage

Businesses & SME’s need to meet these personal data protection and data privacy documentation obligations and verify their requirements and needs ensuring that they are compliant with the new mandatory regulations and be compliant against GDPR that was proposed on 1st January 2012, adopted on 27th April 2016 and became law in May of 2018 as The Data Protection Act 2018.

Business’s needs, products and services for GDPR include:

• Initial Consultations
• Personal Data Information/Category Inventory
• Existing Data Protection Systems Analysis
• Guidance Consultations (working towards GDPR Compliance)
• Inspections
• Audits
• Data Privacy Impact Assessments (DPIA)

Responsiveness to GDPR customer issues should be a core and important part of any business. Being able to respond to GDPR enquiries through your Data Protection Controller or GDPR Champions is critical to being compliant. Businesses need to work with internal/external Certified Data Protection Officers who are trained, have experience and understand your business.

GDPR is now alive and kicking, and part of our working day!

Do not ignore it.

GDPR Web Ready Package

Data Subjects Rights

Data Subjects Rights…

GDPR provides the following rights for Data Subjects i.e. individuals:

  1. The right to be informed about what data is being held about them
  2. The right of access to their personal data
  3. The right to rectify their personal data
  4. The right to erase their personal data
  5. The right to restrict the processing of their personal data
  6. The right to data portability i.e. transferral between Data Protection Controllers
  7. The right to object to their personal data being used
  8. Rights in relation to automated decision making and profiling of their personal data

Data Subjects have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR. As an organisation, you must provide individuals with information such as your purposes for processing their personal data; your retention periods for that personal data, and who it will be shared with. This is called ‘privacy information’.

You must provide this privacy information to Data Subjects at the time you collect their personal data from them. If you obtain personal data from other sources, you must provide Data Subjects with privacy information within a reasonable period of obtaining the data and within one month.

There are a few circumstances when you do not need to provide Data Subjects with privacy information, such as if a Data Subject already has the information or if it would involve a disproportionate effort to provide it to them. The information you provide to Data Subjects must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language.

You must regularly review, and where necessary, update your privacy information. You must bring any new uses of a Data Subject’s personal data to their attention before you start processing it.

Getting the right to be informed correctly can help you to comply with other aspects of the GDPR and build trust with Data Subjects, but getting it wrong can leave you open to possible fines and reputational damage.