

Jul 2017

24

GDPR - What businesses need to know

Data protection and how personal data is managed are changing forever. On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force. The GDPR is a European privacy regulation replacing all existing data protection regulations.

The current data protection legislation in Ireland dates back to 1998 and 2003, predating current levels of internet usage and cloud technology, making it unsuitable for today’s digital economy.

The GDPR will apply to any personal data of EU citizens, regardless of whether it is stored within or outside the EU. Most, if not all, companies process a level of personal data, whether it is customer details or employee details, so businesses need to be aware of and plan for the new legislation.

What is Personal Data

The GDPR substantially expands the definition of personal data. Under GDPR, personal data is any information related to a person, for example a name, a photo, an email address, bank details, their personnel file, or a computer IP address.

Key Changes

Some of the key changes introduced by the GDPR include:

Consent must be clear, distinguishable from other matters and provided in an easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.

Breach Notifications: where a breach occurs, the Data Protection Commission and affected data subjects must be notified within 72 hours of the breach coming to light.

Data Subjects will have additional rights, including:

  • Access Rights: data subjects may obtain from a data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
  • Right to be Forgotten: data subjects will have the right to request that their personal data be erased or cease to be processed.
  • Data Portability: data subjects will have the right to receive the personal data concerning them, and the right to transmit that data to another controller.

High Penalties

Ignoring the new legislation is ill-advised, as there are tough new fines for non-compliance. Companies or organisations found to be in breach of the legislation will face fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater. The Data Protection Commissioner is the authority responsible for enforcing data protection obligations in Ireland. In preparation for the legislation, the Commission is doubling its workforce, leaving no doubt that they will be taking their new responsibilities extremely seriously.

To Do

If you have yet to start planning for GDPR, click here for guidance on how to prepare.