Many businesses are using artificial intelligence (AI) in some form in order to create business efficiencies. Some businesses use generative AI for copywriting, software writing, or employ Chatbots. These programmes work by being ‘trained’ by the inputting of large amounts of data. Other AI in use includes tools to summarise data or to perform analysis. Some businesses use off-the shelf AI tools and others augment the tools with their own specific datasets.
Continue readingTag: privacy law
GDPR puts a variety of obligations on businesses. Due to the far-reaching penalties arising under data protection law, it is important for business-owners to recognise where a need for action is triggered. One area that causes confusion or may be overlooked is the requirement for a data transfer agreement (DTA). A business may need a DTA in the following situations:
Continue readingThere was some concern that after the 31st of December 2020, Irish and EU businesses would no longer be able to freely transfer personal data in the same manner as previously. While businesses were right to have this risk on their radar, the eleventh hour Trade and Cooperation Agreement did make provision for the continued smooth flow of personal data. This means that we do not have to regard the United Kingdom as a third country for the purposes of GDPR. We may effectively continue as before.
Ordinarily at this time of year, I advocate a total switch off from all things work. However, the one thing that does not take a break over the Christmas period is the obligation to report a data breach to the Data Protection Commissioner. All data breaches must be notified within 72 hours.
A Data Protection Agreement is necessary when an organisation allows any third party to access or process personal data. This includes storage of files in the cloud, the use of work management systems, marketing or bulk-email software, as well as any situation where you allow access to an individual’s personal data by anyone outside of your organisation. If you are sharing personal data, it is your obligation to ensure that there is a DPA in place.
Under GDPR, children benefit from all the same protections as adults in respect of their personal data. However, organisations must take particular care in respect of processing the personal data of children, a child being a person under the age of eighteen years.
In recent months, I have noticed an increase in fees being charged for the compliance with data subject access requests, by some organisations. The purported fee is named as being to cover the cost of redaction, administration or copying, and is in many cases unlawful. Continue reading
Under GDPR, employers are entitled to monitor employee activity if they have a lawful basis for doing so and the purpose of their monitoring is clearly communicated to employees in advance-before any data is recorded the data subject must be warned. A system used to monitor the building for security purposes will usually be easy to justify. The use of CCTV systems in other circumstances – for example, to constantly monitor employees – can be more difficult to justify and could involve a breach of the Data Protection Acts. Should an employee object to the use of CCTV cameras in a particular area, the GDPR test places the burden on the employer to demonstrate that it has “compelling legitimate grounds” for processing that override the employees’ rights, or for the establishment, exercise or defence of legal claims.
General Data Protection Regulation
On Friday May 25th 2018 GDPR came into force. Although the key principles of data protection don’t change, there are changes to the regulatory policies. Below, we look at the main changes we will now see in Irish Law.
Now more than ever, we live in a world where knowledge is power. Businesses have discovered that the more information they have about an individual, the easier it is to sell them products and services. The internet thrives on the gathering and utilising of personal information. But, as individuals, we have rights in respect of information that can individually identify us. Our rights come into effect when there is any personal information about us stored on paper, on a computer, in the cloud or by way of photograph or video.