Contact The Team


* indicates required


GDPR May 2018

The EU General Data Protection Regulation (“GDPR”) came into direct legal effect in all EU member states, including Ireland, on 25 May 2018.

The GDPR brought significant change. It replaced the previous data protection legislation in Ireland and the EU and brought with it many new requirements and obligations. It is essential for all businesses, NGO’s and public bodies to be aware of the changes as there are very significant fines and sanctions for non-compliance. Being able to demonstrate that you are in compliance by means of documented policies, procedures and training is essential.


What changed under the GDPR?
The GDPR introduced significant changes to the obligations of data controllers and data processors which will require organisations to review and redraft contracts, policies and procedures and other related documents to ensure they are in compliance with the provisions of the GDPR. It may also be necessary to prepare new policies where none currently exist.


Significant new obligations
The GDPR introduced new obligations on data controllers and data processors, including:

  • increased obligations relating to accountability and transparency;
  • requirements to facilitate and comply with enhanced rights of data subjects;
  • reduced timeframes and additional obligations regarding data breaches;
  • where consent is relied on for processing purposes – a higher threshold is now established;
  • additional information must be given to data subjects;
  • increased record-keeping obligations;
  • obligations to appoint a data protection officer; and
  • data protection impact assessments.


Increased sanctions for non-compliance
One of the most significant changes made by the GDPR is the area of sanctions for non-compliance with its provisions. The Office of the Data Protection Commissioner are now entitled to impose fines of:

  • up to 2% of annual worldwide turnover or €10m (whichever is greater) for breaches relating to internal record-keeping, data security and breach notification, data protection officers, and data protection by design and data protection by default.
  • up to 4% of annual worldwide turnover or €20m (whichever is greater) for breaching the data protection principles, conditions for consent, individuals’ rights, and international data transfers.


Data security
Ensuring that you have appropriate governance measures relating to access and use of personal data, whether in respect of employees, consultants, marketing/PR companies or third party contractors, is now strictly regulated. It is important that you have the controls and correct contractual apportionments of risk in place. Appropriate insurance cover should also be considered, given that the GDPR introduced a new statutory civil right of action for third parties who suffer damage as a result of any infringement by you of your obligations under the GDPR.


How can Philip Lee help?
We are leading experts in the area of data protection law. We have advised private and public sector companies on the full spectrum of data protection compliance and enforcement issues. We have also acted in many of the leading data protection cases to come before the Courts. A number of our partners are CIPP/E certified (Certified International Privacy Professional – Europe). Our Data, Privacy and Technology team is ready to assist you.

It was only a matter of time before we would...

See Full Article

It remains to be seen whether the UK will ‘crash out’ of...

See Full Article

For many businesses, the international transfer of data is a critical part...

See Full Article

As published in The Irish Times, November 13th 2018. Did you know that...

See Full Article

Our corporate and technology partner Eoghan Doyle alongside Eddie O'Mahony, Head of...

See Full Article

One of the most significant changes under the GDPR is the new...

See Full Article

Introduction The General Data Protection Regulations (the “GDPR”) will come into...

See Full Article

The EU General Data Protection Regulation (“GDPR”) will come into direct legal...

See Full Article

Increasingly retailers are offering to send us our receipts by...

See Full Article

As published in the September 2017 issue of the...

See Full Article

Introduction On Wednesday 26 July 2017, Cabinet agreed to set the...

See Full Article

The EU General Data Protection Regulation (“GDPR”) was enacted on 24 May...

See Full Article

A key new obligation under the GDPR is the requirement that certain...

See Full Article

The Data Summit Dublin provides a unique opportunity...

See Full Article

Get In Touch

Damien Young

Anne Bateman

Eoghan Doyle

Sean McElligott