You may have already heard about the General Data Protection Regulation (GDPR), which will be coming into effect in Ireland on May 28th this year, but what does it mean for your business?
Here are the key points you need to be aware of before GDPR comes into effect this year, but for more information remember to visit www.gdprandyou.ie.
You need the consent of an individual before you record their personal data, and this consent must be ‘freely given, specific, informed and unambiguous’. You must make it clear what you intend to use their data for. Consent cannot be given through pre-ticked boxes or silence.
You will need to make a thorough account of all the personal data you hold and be able to explain why you have it, and prove that it is being safely managed.
Personal Privacy Rights
Individuals will have the following rights:
- subject access
- to have inaccuracies corrected
- to have information erased
- to object to direct marketing
- to restrict the processing of their information, including automated decision-making
- data portability
Timescale for requests
If an individual makes a request under GDPR, you must comply within one month (this is being reduced from 40 days).
If you ever have a data breach, you must have the right procedures in place to detect, report and investigate it. All breaches will need to be reported to the DPC within 72 hours. If the breach could result in harm to the individual (like identity theft), you must also report it to the individual themselves.