GDPR in Ireland: Are You Ready to Protect Your Company?
The General Data Protection Regulation is designed to strengthen and unify data privacy requirements across the European Union. The regulation, which is to come into effect May 25th 2018, reinforces citizen’s rights in the digital age and to the new security requirements that accompany this era of the Internet. However, the application of the GDPR implies that all companies should revise their procedures, from how they obtain data, to how it is processed, stored and protected in terms of their security environment.
Some key changes of the new GDPR:
GDPR Wider Territorial Scope –
- The new regulations will now not only apply to EU organisations, but also to overseas organisations. Overseas organisations are not established within the EU, but process personal data. This regulation will apply where the processing of the data is related to the offering of goods or services. Or where the monitoring of an individual’s behaviour such as Internet use profiling takes place within the EU.
Data Protection Officer –
- In order to follow the new regulations, your company will appoint a new data protection officer who communicates with competent authority. It is then the authorities job to ensure that the company complies with the new regulations.
Mandatory Breach Notifications –
- A company must notify the Data Protection Commissioner within 72 hours where a breach in data is likely to result in a risk to the rights of the data owner. In addition, if these rights are at risk, the data owner must also be notified of the breach.
Tougher Sanctions –
- The new regulations introduce much tougher sanctions for breach. With penalties of up to 4% of annual global turnover or €20 million. In addition, these are dependent on whichever is higher for companies who do not comply with the new regulations.
New Principle of Accountability –
- The concept of accountability requires that companies be able to validate the ways in which they comply. With the new GDPR data protection policies and procedures when conducting business.
New Citizen Rights –
- The new regulation allows individuals the right to query their personal data and make modifications. Or have any irrelevant or out-dated information removed from the data controller’s external devices.
Consent Must be Explicit –
- The consumer or data owner must give explicit consent in the form of a statement or clear affirmative action for a company to use their personal data. Legal consent must be given and the onus is on the data controller to prove that the data owner gave his/her explicit consent.
Privacy Impact Assessment –
- The GDPR has made it compulsory for an organisation to undertake a Privacy Impact Assessment. Similarly, undertaking a Privacy Impact Assessment means applying a methodology for evaluating the consequences in processing personal data and requires that a company create an action plan to mitigate possible risks involved.
The GDPR highlights the importance of transparency, security and accountability by data controllers. While simultaneously standardising and strengthening data protection privacy rights for European Citizens. . We understand what the GDPR means for our customers and so we offer highly trained customer service staff at our call centres who will collect, process and store customer information in accordance with the new regulations, ensuring a high level of confidentiality and security. In addition, we are also ready to take care of your database needs; we offer database cleansing in line with the new policies, removing any irrelevant or duplicated customer information to help you achieve meaningful customer relationships. If you would like to know more about the services that we offer, contact us here today.