What is Data Protection and GDPR?
Data protection and the governing regulation, GDPR, are the rules surrounding personal data. Personal data is any information from which an individual may be identified. The rules require that you have a valid reason for holding personal data and that you treat personal data with due care. GDPR explains in detail the valid reasons and the way data should be treated.
Does GDPR apply to my business?
The chances are the answer to this question is yes. In fact, I have yet to come across a business that is not subject to GDPR in some shape or form.
If you have employees, you will be keeping contact details and payroll information at the very least. This is personal data and requires that you consider GDPR.
If you keep phone numbers or email addresses for your clients, this is personal data that requires GDPR compliance.
If you need client information in order to complete your contract with your client, this makes you subject to data protection rules.
Can I avoid GDPR?
GDPR is applicable to all businesses, clubs, charities and public bodies. There is an exemption for data kept solely for household use, and in relation to national security and law enforcement. A business can’t avoid data protection unless it holds no personal information whatsoever in relation to any individual.
How does my business remain GDPR compliant?
The first step for any new or existing business is a Data Protection Impact Assessment (DPIA). In many instances this is a legal requirement; in all instances this is good practice. It is an assessment of what data your business holds and why, what category the data falls into, what the risks of holding the data are, and what steps must be taken to protect the data.
The next step is to create a data protection policy for your business so that each person in the business is aware of their responsibilities. The data protection policy might cover technical and organisational security measures, the process for dealing with a data access request, what training each staff member should undertake, and what to consider when hiring outside contractors or using external apps. The most important thing about the data protection policy is that it is tailored to suit your business and it is easy to implement in practice.
The above is intended for information purposes only, and is not intended to be relied upon as legal advice. Please contact us on 01-676 3257 for advice specific to your needs. We, at Fitzsimons Redmond, would be delighted to work with you and your business on data protection planning and compliance.
By Lisa Quinn O’Flaherty, solicitor at Fitzsimons Redmond