Skip to main content
Beauchamps Close
Back

Beauchamps
  • About us
    • About Beauchamps
    • Client service
    • Core values
    • Corporate social responsibility
    • History
    • Knowledge management
    • Partnerships
  • Our People
  • Our services

    Practice Areas

    • Banking & Finance
    • Commercial Property
    • Company Secretarial
    • Construction
    • Corporate & Commercial
    • Corporate Governance & Company Compliance
    • Crisis Management
    • Data Protection & Freedom of Information
    • Employment & Benefits
    • Energy & Natural Resources
    • EU, Competition & Procurement
    • Insolvency & Corporate Restructuring
    • Insurance & Professional Indemnity
    • Inward Investment
    • Litigation & Dispute Resolution
    • Medical Negligence and Personal Injury*
    • Mergers & Acquisitions
    • Planning & Environmental

    Sectors

    • Brexit
    • Charities & Not For Profit
    • Energy & Natural Resources
    • Family Business
    • Financial Services
    • Food & Agri
    • Healthcare
    • Housing
    • Real Estate
    • Retail
    • Sport
    • Technology & Communications
    View All Services
  • What's new
    • Beauchamps - proud sponsor of and official legal adviser to Leinster Rugby
    • Brexit Update
    • Doing business in Ireland
    • General Data Protection Regulation
    • The Companies Act 2014
    • Covid-19 Updates
  • Join us
    • Why join Beauchamps?
    • Current opportunities
    • Legal professionals
    • Business support
    • Intern & trainee programmes
Contact Search
Search Menu
Beauchamps
Search Menu
What's new

GDPR Compliance: It’s Not Too Late To Take Action

16 Apr 2018

Breadcrumb

  1. Home
  2. What's new
  3. Publication

Share

Partner, Maureen Daly, recently wrote an article for Business Plus on what businesses need to know ahead of the new General Data Protection Regulations which are coming into place soon. Read the original article here or below.

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and it has real obligations for all businesses that hold data about individuals. But there is no need to panic and it is not too late to start your GDPR preparations. Here are five key steps to take to ensure your business is GDPR-compliant.

1. Carry out a data audit

Document what personal data you hold, where it came from, why it was originally gathered, how long you will retain it, how secure it is and who you share it with. You should identify (and document) the basis (under law) for your processing personal data. You will also need to keep a record of your data-processing activities, which must be provided to the Data Protection Commissioner (DPC) on request. 

2. Review policies and privacy notes

Review your policies and privacy notices in order to address the additional information requirements that are necessary under the GDPR. Information must be provided in concise, easy-to-understand and clear language.

3. Review procedures

Review your procedures to ensure that they cover all the rights individuals have under the GDPR, including how you would delete personal data or provide data electronically and in a commonly used format, if requested. Plan how you will deal with requests from individuals (eg seeking access to or deletion of their data). Review how you seek, record and manage consent, and whether you need to make any changes to this process.

You are not required to refresh all existing consents, but if you rely on consent to process personal data, you should ensure that it meets the GDPR standard on being freely given, specific, informed, unambiguous and in plain language. If you offer online services to children and rely on consent to collect information about them, then you may need consent from a parent/guardian in order to process the child’s personal data lawfully. The consent has to be verifiable and your privacy notice must be written in language that children will understand.

Consider whether you need to appoint a Data Protection Officer. Even if you conclude that you do not need to appoint one, you should still identify a person who is responsible for the business’s data protection compliance. Be careful not to designate that person as a DPO, as this will result in additional GDPR compliance requirements.

4. Prepare an incident report plan

Review your procedures to ensure that you can detect, report and investigate personal data breaches. You should have a data breach incident response procedure in place and ensure it is implemented and tested, as it will need to be live by 25 May 2018.

5. Suppliers, training and cross-border

Review your arrangements with suppliers, as it may be necessary to make contractual amendments to comply with the GDPR. Your employees should also be made fully aware of the GDPR and should be trained in the application of any new policies.

If your business operates in more than one EU member state, you should map out where your business makes its most significant decisions about its data-processing activities. This will help to determine your ‘main establishment’ and which supervisory authority will be your lead supervisory authority, who will deal with all queries and complaints regarding cross-border processing. This should be documented.

About the author

Maureen Daly

Partner

About Maureen

Maureen is partner and head of our technology & intellectual property team, and our data protection & freedom of information team. Maureen works with many of the world’s biggest domestic and global brands particularly in the food & beverage, technology & communications, pharmaceutical and retail sectors, SMEs, start ups, not-for-profit organisations and public sector bodies.

Beauchamps

Related Services

Practice Areas

    Data Protection & Freedom of Information
Beauchamps

Our Location

Riverside Two

Sir John Rogerson's Quay

Dublin 2, D02 KV60

Ireland, DX No. 63

General Enquiries

T: +353 (0) 1 418 0600

F: + 353 (0) 1 418 0699

E: info@beauchamps.ie

  • Cookie Policy
  • Disclaimer
  • Accessibility
  • Sitemap
  • Contact
  • Privacy
© 2021 Beauchamps LLP