General Data Protection Regulation (GDPR)
What is the GDPR?
The General Data Protection Regulation 2016/679 (the “GDPR”) came into effect on 25 May 2018.
It is the biggest overhaul in data protection law in over two decades and will have direct effect across all EU member states and across the EEA.
It aims to strengthen and unify data protection for individuals within the EU, and seeks to bring data protection up to a standard befitting the increased threats posed to data security in a digital age.
Virtually every business which holds or manages personal data relating to a client, supplier, employee or customer is impacted by the regulations and therefore needs to review its day-to-day procedures to ensure that business processes will comply with the regulations. Some examples of processes which will require review are those around commercial and business contracts, employee and staff data, third party outsourcing contracts, marketing and client databases/records, websites etc. Typical businesses affected will include retailers, professional service providers, business process outsourcing agents, and all employers. There will be different rules for public sector bodies, and the issues of consent to holding data and entitlement to privacy will also come under the regulations. The size of the organisation is also irrelevant – every business will need to comply.
For all organisations, public and private, it signifies an era of change in how they collect, process and store personal data. More significantly, they now face more stringent financial penalties and fines for non-compliance and breaches - up to €20 million or 4% of global annual turnover, whichever is the greater.
Given the vast breadth and application of the regulations across a range of sectors and industries, it is imperative that businesses engage in an early data review to ensure compliance and avoid sanctions when the regulations come into place.
How ByrneWallace can help
As the first large Irish law firm certified with ISO 27001, ByrneWallace has a unique understanding of the challenges organisations face in relation to data security and cybercrime, and the onerous task of ensuring future compliance with the GDPR.
To help organisations get GDPR-ready, we established a dedicated multi-disciplinary team of lawyers with expertise in all areas of law and experience in advising clients on the area of data protection.
We can provide support across a number of areas – from reviewing policies and procedures to advice on the appointment and duties of a data protection officer; reviewing and re-drafting data processing contracts and the identification of categories of personal data and data processing activities; and training. We also assist clients with gap analysis of their systems and controls, advice on reporting obligations, and liaising with the Office of the Data Protection Commissioner.
Our services include
• General advisory on GDPR
• Data Protection Audits
• Gap analysis
• Drafting policies/contracts
• Advising on procedures and organisational structure
To learn more about ensuring your business is compliant with the new GDPR, contact us for a copy of our 10 Step Guide to Preparing for GDPR.