The Data protection officers (DPO) is an unusual role, as it has some statutory functions and independence, yet still exists within an organisation’s line structure. GDPR did not introduce the concept of DPO. The practice of appointing a DPO has developed in several Member States over the years since Directive 95/46/EC3 in October 1995. However since the coming into force of GDPR appointing DPOs is now mandatory […]
Sometimes the division between Data Processors and Data Controllers is not simple. Where more than one entity has control in determining the processing requirements, there can be multiple Data Controllers. This situation can lead to “Joint Controllers” which needs to be managed carefully. To recap: the Data Controller determines the purposes for which and the manner in which personal data […]
There is a certain amount of confusion around Ireland about DPOs after GDPR came into force. In 95% of cases we tell Irish Organisations that they don’t need one. How do we come to that conclusion? It is worth stepping back for a moment and think about what GDPR says about the requirement for DPOs: The Law Article 37(1) of the […]
The General Data Protection Regulation (2016/679), imposes clear requirements controlling the appointment of data processors by data controllers. One of these is a requirement prescribing various matters which must be stipulated in a written contract (Article 28). As and from 25 May 2018 all agreements between Data Controllers and Data Processors need to meet these new GDPR requirements. This is a major change for many organisations, […]
Many people ask us how long they should store data for to be GDPR compliant. The very brief answer from the EU is: You must store data for the shortest time possible. This phrase “shortest possible”, while certainly punchy is sadly imprecise. This article attempts to shine some light on what it really means. Public accountability […]
The deadline on May 25th 2018 has passed, and even though the GDPR legislation has been public for well over a year, most businesses and organisations are only now beginning to realise that it actually applies to them too. The private sector is playing catch-up and brand-owners arriving late are grappling to get their heads […]
Article 6 of Regulation 2016/679, the General Data Protection Regulation (hereafter: GDPR). sets the conditions for a lawful personal data processing and describes the six and only six, lawful bases for personal data processing, only one of which is consent. It is important to note that one of these six bases must be established prior to processing for each specific purpose. Generally, consent can only […]
Ireland is fortunate in having a thriving voluntary sector. A sector which between employment, sport, caring and entertainment touches the lives of almost every citizen on the island of Ireland. Possibly retaining personal data on every citizen on the Island of Ireland. Every city, town and parish in the country has sports clubs and schools […]
Most Irish businesses use Google Analytics as their main web analytics tool and for many it’s the only tool they use to tell how their website is working. Firstly its free for most users and it’s relatively straightforward to use You (or your developer) install Javascript code on web pages to track (monitor) website users […]
The General Data Protection Regulation (GDPR) is the latest data protection legislation applicable European Union (EU) member states. The intent of the GDPR is to replace the European data protection framework as set out in the European Data Protection Directive (95/46/EC) (Directive) and be implemented into the national data protection laws of the EU member […]