GDPR Compliance Services

GDPR has a wide definition of what constitutes personal data, plus it places stringent requirements on organisations who process personal data.

DigiTorc works with organisations all across Ireland to develop and implement cost-effective and streamlined ways of working. For organisations who handle personal data, there are certain processes and procedures that just have to be in place. Typical examples are:

  • Publishing and updating Privacy Policies
  • Managing Subject Access Requests
  • Controlling a Data Breach
  • Documenting Legal Justifications for processing
  • Implementing and tracking Retention Policies
  • Auditing of direct and indirect Data Processors

Our objective is to get your organisation compliant while not overcomplicating matters. GDPR can be a strategic differentiator helping businesses to grow, not just another compliance matter. Besides putting in place the various technology solutions, strategies, policies and plans required to meet EU GDPR requirements, we also offer an outsourced Data Protection Officer service and carry out any internal training or DPIAs that may be necessary.

In the next few years the GDPR principles will be applied and interpreted by regulators and courts across Europe. Some findings and decisions may be appealed and overturned; others will become settled law. Based on the application of law across the EU 27, plus the EEA and the UK, it will be necessary to change ways of working, policies and procedures. DigiTorc will be with you for the entire GDPR compliance journey.

If you would like to talk to someone about GDPR compliance work, please contact us.

  • Convention 108: What and who? As we have written about elsewhere on this site, Convention 108 was the first enforceable transnational Data Protection legislation globally. As the Council of Europe (CoE) describes it “This Convention is the first binding international instrument which protects the individual against abuses which may accompany the collection and processing of personal data and which seeks ...
  • European Data Protection and Data Privacy law. Without doubt Europe is driving the emergence of Data Protection laws across the globe. This tends to be framed as a result of the introduction of GDPR. However, as we have noted previously, because of the two supranational legal orders in Europe, today there are two subtly different laws governing data protection as well as data ...
  • Do I have to do a Data Protection Impact Assessment? The law across Europe now says a DPIA is required when the processing is “likely to result in a high risk to the rights and freedoms of natural persons” (GDPR Article 35(1)), where the key term is “high risk”. To be clear, not all processing requires a DPIA. A DPIA is mandatory for that subset of processing activities which meet the threshold of high risk. Since GDPR ...
  • CCTV and Data Privacy: What’s the story? A sensible and well-designed CCTV system is a powerful tool for deterring criminals and tackling security issues. On the other hand, badly designed systems cause legal and PR problems while generating a false sense of security. In our experience, privacy and security are not mutually exclusive. We find a pragmatic approach based on the twin ...
  • PECR: an Introduction. Privacy and Electronic Communications Directive (PECR) refers to a set of European directives which have been issued and refined since 2002. These directives were written specifically to address the requirements of new digital technologies and ease the adoption of new and innovative electronic communications services. The Directives complement the Data Protection Directive and apply to ...
  • Four key points to include in contracts between Data Controllers and Data Processors. The General Data Protection Regulation (2016/679) imposes clear requirements controlling the appointment of data processors by data controllers. One of these is a requirement prescribing various matters which must be stipulated in a written contract (Article 28). As and from 25 May 2018 all agreements between Data Controllers and Data Processors need to meet these new GDPR requirements. This is a major change for many organisations, who ...
  • GDPR Data Retention: Adequate, relevant and not excessive. Many people ask us how long they should store data for to be GDPR compliant. The very brief answer from the EU is: You must store data for the shortest time possible. This phrase “shortest possible”, while certainly punchy, is sadly imprecise. This article attempts to shine some light on what it really means. Public accountability: The obligation ...
  • Consent: one of six lawful bases to process personal data, in GDPR. Article 6 of Regulation 2016/679, the General Data Protection Regulation (hereafter: GDPR), sets the conditions for lawful personal data processing and describes the six, and only six, lawful bases for personal data processing, only one of which is consent. It is important to note that one of these six bases must be established prior to processing for each specific purpose. Generally, consent can only be ...
  • GDPR and Charities in Ireland. Ireland is fortunate in having a thriving voluntary sector. It is a sector which, between employment, sport, caring and entertainment, touches the lives of almost every citizen on the island of Ireland, and possibly retains personal data on every one of them. Every city, town and parish in the country has sports clubs and schools ...
  • Google Analytics and GDPR. Most Irish businesses use Google Analytics as their main web analytics tool and for many it’s the only tool they use to tell how their website is working. Firstly, it’s free for most users and it’s relatively straightforward to use. You (or your developer) install JavaScript code on web pages to track (monitor) website users. When users ...