Contact The Team


Subscribe to our mailing list


* indicates required

Services

GDPR May 2018


The EU General Data Protection Regulation (“GDPR”) will come into direct legal effect in all EU member states, including Ireland, on 25 May 2018.

The GDPR brings significant change. It will replace the current data protection legislation in Ireland and the EU and brings with it many new requirements and obligations. It is essential for all businesses, NGO’s and public bodies to be aware of the changes as there are very significant fines and sanctions for non-compliance. Being able to demonstrate that you are in compliance by means of documented policies, procedures and training is essential.

 

What is changing under the GDPR?
The GDPR introduces significant changes to the obligations of data controllers and data processors which will require organisations to review and redraft contracts, policies and procedures and other related documents to ensure they are in compliance with the provisions of the GDPR. It may also be necessary to prepare new policies where none currently exist.

 

Significant new obligations
The GDPR introduces new obligations on data controllers and data processors, including:

  • increased obligations relating to accountability and transparency;
  • requirements to facilitate and comply with enhanced rights of data subjects;
  • reduced timeframes and additional obligations regarding data breaches;
  • where consent is relied on for processing purposes – a higher threshold is now established;
  • additional information must be given to data subjects;
  • increased record-keeping obligations;
  • obligations to appoint a data protection officer; and
  • data protection impact assessments.

 

Increased sanctions for non-compliance
One of the most significant changes made by the GDPR is the area of sanctions for non-compliance with its provisions. The Office of the Data Protection Commissioner will be entitled to impose fines of:

  • up to 2% of annual worldwide turnover or €10m (whichever is greater) for breaches relating to internal record-keeping, data security and breach notification, data protection officers, and data protection by design and data protection by default.
  • up to 4% of annual worldwide turnover or €20m (whichever is greater) for breaching the data protection principles, conditions for consent, individuals’ rights, and international data transfers.

 

Data security
Ensuring that you have appropriate governance measures relating to access and use of personal data, whether in respect of employees, consultants, marketing/PR companies or third party contractors, is now strictly regulated. It is important that you have the controls and correct contractual apportionments of risk in place. Appropriate insurance cover should also be considered, given that the GDPR will introduce a new statutory civil right of action for third parties who suffer damage as a result of any infringement by you of your obligations under the GDPR.

 

How can Philip Lee help?
We are leading experts in the area of data protection law. We have advised private and public sector companies on the full spectrum of data protection compliance and enforcement issues. We have also acted in many of the leading data protection cases to come before the Courts. A number of our partners are CIPP/E certified (Certified International Privacy Professional – Europe). Our Data, Privacy and Technology team is ready to assist you in the run up to May 2018.

As published in The Irish Times, November 13th 2018. Did you know that...

See Full Article

Our corporate and technology partner Eoghan Doyle alongside Eddie O'Mahony, Head of...

See Full Article

One of the most significant changes under the GDPR is the new...

See Full Article

Introduction The General Data Protection Regulations (the “GDPR”) will come into...

See Full Article

The EU General Data Protection Regulation (“GDPR”) will come into direct legal...

See Full Article

Increasingly retailers are offering to send us our receipts by...

See Full Article

As published in the September 2017 issue of the...

See Full Article

Introduction On Wednesday 26 July 2017, Cabinet agreed to set the...

See Full Article

The EU General Data Protection Regulation (“GDPR”) was enacted on 24 May...

See Full Article

A key new obligation under the GDPR is the requirement that certain...

See Full Article

The Data Summit Dublin provides a unique opportunity...

See Full Article

Get In Touch


Damien Young
PARTNER

Anne Bateman
PARTNER

Eoghan Doyle
PARTNER

Sean McElligott
PARTNER

Top