News

Ireland: Data protection considerations in the employment context – Part two

The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the Data Protection Act 2018 (‘the Act’) are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR, includes provisions relating to GDPR derogations, and establishes the Data Protection Commission (‘DPC’). In part two of this Insight series on data protection considerations in the employment context, Kate Colleary, Founder & Director of Pembroke Privacy Limited, discusses the general requirements regarding the collecting, processing, and retaining of employee data, as well as the requirements regarding employee health data. General requirements Organisations need a


Ireland: Data protection considerations in the employment context – Part one

The General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and the Data Protection Act 2018 (‘the Act’) are the main pieces of legislation regarding data protection in Ireland. The Act supplements the GDPR, includes provisions relating to GDPR derogations, and establishes the Data Protection Commission (‘DPC’). In part one of this Insight series on data protection considerations in the employment context, Kate Colleary, Founder & Director of Pembroke Privacy Limited, provides some background to the DPC and its relevant guidance, as well as the requirements regarding data protection at the recruitment level. The DPC The Act grants


Purpose Limitation in the GDPR

At the heart of the General Data Protection Regulation (GDPR) lie six fundamental principles for data controllers to follow when processing personal data. These include: lawfulness, fairness, and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality. All six principles are subject to the overarching principle (sometimes called a 7th principle) of accountability. For this paper we are going to consider the principle of purpose limitation. Firstly, what is the Purpose Limitation principle? The purpose limitation requirement has long been known as one of the cornerstones of data protection law. It was legislated for in the 1995 Data Protection


Upcoming Data Protection Legislation – Predictions for 2022

1. EU Directive on representative actions for the protection of the collective interests of consumers 2020/1828: The object of this European Directive is to ensure that a representative action mechanism is available to protect consumer interests in all Member States while providing safeguards to avoid abusive litigation. The Directive applies to infringements by traders of any one of 66 regulations or directives contained in Annex 1, one of which is the GDPR. The Directive allows ‘qualified entities’ to seek relief on behalf of consumers. Relief includes injunctive measures and redress, which includes compensation. This Directive will dramatically change the litigation


GDPR article 30 – Records of processing activity – ROPAs

The GDPR requires organisations to maintain a Record Of Data Processing Activity, often called a ROPA. This obligation applies to both controllers and processors and their representatives under article 28 (where applicable). There is an exemption for an organisation which employs fewer than 250 people; however, this will not apply where the processing: is likely to result in a risk to the rights and freedoms of data subjects; is not occasional; or includes special category data or personal data relating to criminal convictions or offences. Even where an organisation falls within the exemption as it has fewer than 250 employees, it


Reviewing the core principles of the GDPR

More than three years after the General Data Protection Regulation was introduced, this article revisits the principles that are fundamental to the GDPR and should be embedded in the privacy policies and practices of every organisation. The principles that lie at the core of the GDPR originate largely from the Data Protection Directive (95/46/EC) and, with some refinement, provide a modern framework for the fair treatment of all data subjects. As set out within Article 5 of the GDPR, these principles are: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. There is also

GDPR in Companies

How Your Company Can Use Privacy as a Competitive Advantage

Many companies view GDPR compliance as a necessary evil rather than an opportunity to improve business models and customer experiences. This article takes a closer look at some of the benefits your organisation can gain from using privacy as a key differentiator in your market. Firstly, it’s essential to understand the scope of the General Data Protection Regulation (GDPR). Implemented by the EU in 2018, the GDPR applies to all organisations processing data from people within the EU. Therefore, companies based anywhere in the world can fall within scope of the GDPR. Being conscious of the consequences of non-compliance is


The Fundamentals of Processing Children’s Data

Every person, no matter their age, has the right to have their personal information protected and used only in a fair and lawful manner. As children may be less aware of their rights, as well as the risks associated with the processing of their personal data, the General Data Protection Regulation (GDPR) considers children to be vulnerable data subjects – and thus gives them specific protection in this regard. In late 2020, the Data Protection Commissioner (DPC) published a comprehensive draft guidance document entitled ‘Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing’. Following


Appointing a DPO – in-house, external or DPO support. What is best for your organisation?

The GDPR requires certain organisations to appoint a Data Protection Officer (DPO). This includes public bodies, organisations that conduct regular, large-scale and systematic monitoring of individuals and those that process special categories of personal data on a large scale. While the role of a modern DPO is multi-dimensional, their core responsibility is to help an organisation demonstrate compliance with the GDPR and other data protection laws. Even in instances where an organisation is not legally required to appoint a DPO, it can be advantageous to do so. Appointing a DPO is an excellent way for organisations to ensure that the


5 Ways to guard against a ransomware attack

On 14 May 2021, Ireland’s Health Service Executive (HSE) suffered a major ransomware attack and was forced to shut down all its IT systems, nationwide. This sophisticated, financially-motivated attack – which has been called the most ‘significant’ cybercrime attempt against an Irish state agency – brought diagnostic services, COVID-19 testing and other critical activities to a halt. While progress has been made in restoring and rebooting systems, a significant disruption to everyday services is still ongoing. This event highlights the fact that ransomware attacks are becoming more pervasive, sophisticated and destructive. While most organisations understand the need for a sound

