Almost nine months after the fanfare, we are settling into GDPR. Or are we? Anne Phillips of Wolfe & Co reviews the rules about dealing with online data.
The EU regulation not only seeks to update how personal data must be processed in the digital world, but also to bring about change in terms of how businesses and public bodies treat personal data.
So what exactly does that mean for you and your business?
Let’s recap on some of the key areas you need to focus on to remain GDPR compliant:
Be Accountable: GDPR requires you to demonstrate and document that you understand the types of personal data you are holding or processing, where it has come from and what you intend to do with it.
Communicate: GDPR requires you to give this information to individuals in advance of processing their personal data. You need to inform them of their rights, including the right of complaint where appropriate. All documents and notifications (electronic or otherwise) used to alert individuals to the collection of their personal data need to be GDPR compliant.
Be Aware: You need to ensure that you have implemented organisational, practical and technical GDPR-compliant measures within your business. Once you have your own house in order, you should double-check that your suppliers and contractors are GDPR compliant and that robust GDPR-compliant contract terms and confidentiality agreements are in place.
Be Prepared: GDPR provides rights which allow individuals to request access to their personal data held by you. Such a request must be made in writing (which can include email). You are required to provide a detailed reply and respond in a timely manner.
GDPR introduced mandatory notifications where there has been a personal data breach.
You need to have a procedure to detect, investigate and report such breaches. Procedures need to be in place to minimise further potential breaches.
There have been a few high-profile data breaches that have made the news in the past 12 months and Ireland has been at the centre of many of these.
Be Compliant: Remember, GDPR introduced robust powers to tackle non-compliance, including significant monetary penalties, and provided for those who suffer non-material damage to sue for compensation.
The value of personal data should not be underestimated in our current world. GDPR may create challenges, but it also creates opportunity for those companies who show awareness of their on-going obligations, are transparent about how personal data is used and demonstrate that they value an individual’s right to privacy.
This article is for general information purposes only and does not constitute legal or other professional advice. We recommend seeking legal advice to interpret and advise on any aspect of the law. For a longer version of this article, please see www.wolfe.ie.