What GDPR Means in Practice for Irish Business

The General Data Protection Regulation (GDPR) is a European directive aimed at ring-fencing consumer data against illegal or unnecessary access. There is nothing to discuss or debate with local politicians, or the Irish Data Protection Commissioner for that matter. As a European directive, it has over-riding power. To obtain an English version, please visit this link, and select ?EN? from the table of languages.

As you reach for your tea, coffee or Guinness after sighting it, you will be glad to know the Irish Data Protection Commissioner has the lead in turning this into business English we understand. The following diagram should assist you to obtain a quick overview of the process we all have to go through. In this article, we briefly describe what is inside Boxes 1 to 12. The regulation comes into force on 25 May 2018 so we have less than a year to get ready.

The 12 Essential Steps to Implementing the General Data Protection Act

1. Create awareness among your people of what is coming their way. The GDPR has given our regulator discretion to dish out fines up to ?20,000,000 (or 4% of total annual global turnover, whichever is greater) so there is determination to make this happen.

2. Become accountable by understanding the consumer data you hold. Why are you retaining it, how did you obtain it, and why did you originally collect it. Now you know it is there, how much longer will you still need it? How secure is it in your hands, have you ever shared it?

3. Open a communication channel with your staff, your customers, and anyone else using the data. Share how you feel about how accountable you have been with the information in the past. Explain how you plan to comply with the GDPR in future, and what needs to change.

4. Understand the personal privacy entitlement of the subjects of the information. They have rights to access it, correct mistakes, remove information, restrict its use, decline direct marketing, and copy it to their own files. What needs to change in your systems to assure these rights?

5. Issue a policy for allowing consumers access to their information you hold. You must process requests within a month, and you may not charge for the service unless your cost is excessive. You may decline unfounded or excessive demands within your policy guidelines.

6. Adapt to the requirement that you must have a legal basis for everything you do with, and to consumer data. You need to be in a position to justify your actions to the Irish Data Protection Commissioner in the event of a complaint. Having a legitimate interest is no longer sufficient.

7. Ensure that consumer consent to collect, use, and distribute their data is ?freely given, specific, informed, and unambiguous.? From 25 May 2018 onward, this consent will be your only ground to do so. You cannot force consent. Your benchmark becomes what the GDPR says.

8. Issue rules for managing data of underage subjects. This is currently under review and we are awaiting results. Put systems in place to verify age. Set triggers for where guardians must give consent. Make sure age is verifiable. Use language young people understand.

9. Introduce a culture of openness and honesty, whereby breaches of the GDPR are detected, reported, investigated, and resolved. You will have a duty to file a GDPR report with the Data Protection Commissioner within 72 hours, thus it is important to fast track the process.

10. Introduce a policy of conducting a privacy assessment before taking new initiatives. The GDPR calls for ?privacy by deign?, and we need to engineer it in. This may be the right time to appoint a data controller in your company, and start implementing the GDPR while you have time.

11. You may also need to appoint a data protection officer depending on the size of your business. Alternatively, you need to add managing data protection compliance to an employee?s duties, or appoint an external data-protection compliance consultant.

12. Finally, and you will be glad to know this is the end of the list, the GDPR has an international flavour in that multinational organisations will report into the EU Lead Supervisory Authority. This will manage the process centrally while consulting national data authorities.

The GDPR is a project we all need to complete. If we are out of line, it is in our interests to get things straightened out. Once everything is in place, the task should not be too onerous. Getting there could be the pain.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Monitoring Water Banks with Telemetrics

Longstanding droughts across South Australia are forcing farmers to rethink the moisture in the soil they once regarded as their inalienable right. Trend monitoring is an essential input to applying pesticides and fertilisers in balanced ratios. Soil moisture sensors are transmitting data to central points for onward processing on a cloud, and this is making a positive difference to agricultural output.

Peter Buss, co-founder of Sentek Technology calls ground moisture a water bank and manufactures ground sensors to interrogate it. His hometown of Adelaide is in one of the driest states in Australia. This makes monitoring soil water even more critical, if agriculture is to continue. Sentek has been helping farmers deliver optimum amounts of water since 1992.

The analogy of a water bank is interesting. Agriculturists must ?bank? water for less-than-rainy days instead of squeezing the last drop. They need a stream of online data and a safe place somewhere in the cloud to curate it. Sentek is in the lead in places as remote as Peru?s Atacamba desert and the mountains of Mongolia, where it supports sustainable floriculture, forestry, horticulture, pastures, row crops and viticulture through precise delivery of scarce water.

This relies on precision measurement using a variety of drill and drop probes with sensors fixed at 4? / 10cm increments along multiples of 12? / 30cm up to 4 times. These probe soil moisture, soil temperature and soil salinity, and are readily re-positioned to other locations as crops rotate.

Peter Buss is convinced that measurement is a means to the end and only the beginning. ?Too often, growers start watering when plants don’t really need it, wasting water, energy, and labour. By monitoring that need accurately, that water can be saved until later when the plant really needs it.? He goes on to add that the crop is the ultimate sensor, and that ?we should ask the plant what it needs?.

This takes the debate a stage further. Water wise farmers should plant water-wise crops, not try to close the stable door after the horse has bolted and dry years return. The South Australia government thinks the answer also lies in correct farm dam management. It wants farmers to build ones that allow sufficient water to bypass in order to sustain the natural environment too.

There is more to water management than squeezing the last drop. Soil moisture goes beyond measuring for profit. It is about farming sustainably using data from sensors to guide us. ecoVaro is ahead of the curve as we explore imaginative ways to exploit the data these provide for the common good of all.

ISO Certification and Training

Overview

ISO, or the International Organisation for Standardisation, is a global standard-setting body, made up of a network of various standards organisations from among its 162 member-nations. ISO is a vital force in the manufacturing industry, promoting industrial and commercial global standards for specifications and requirements in materials, products, procedures, information, and quality management.

ISO Certification

For a company, an ISO Certification:

? Is an assurance that the organisation, has met the required management of processes and documentation.

? Provides standards on how businesses and organisations manage information and processes;

? Does not impose any regulations;

? Is not like a license that allows a business or company to operate.

Rather, an ISO Certification merely certifies that a management system, a manufacturing process, or an offered service has all the elements for quality assurance and the capability to compete in the international market.

That said however, an ISO Certification is still vital to most businesses because it brings them up to par with global standards. For instance, in many industries, contracting companies are required ISO 9001 certification, and some government contracts, such as in the oil industry or medical technologies, depend largely on ISO 9001 compliance. Most ISO Standards are specific to different industries, processes, and products, but ISO 9001 is a management system standard that can be applied to any company.

ISO 9001

ISO 9001 is unarguably, one of the most established Quality Management Systems program in the world today that can be a useful tool for any organisation. ISO 9001 Standards is currently the recognised standard not only for quality management systems, but management systems in general, ensuring quality in all aspects ? products, services, and documentation.

Any company, regardless of size or sector, aiming to improve its operations and management, would do well with an ISO 9001 Certification, especially if the organisation is prepared to implement the standards throughout the entire organisation and not just in particular departments or divisions.

Find out more about our Quality Assurance services in the following pages:

Total Quality Management

Failure Mode and Effects Analysis

Six Sigma

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
Computer Forensics

So you had a customer data security breach last weekend? Do you know you could be held liable in court for failing to implement required security procedures? That’s right. Due to the overwhelming surge in identity theft wherein nearly 20 million Americans have already been affected, most states have enacted laws to curtail this fast rising crime. Therefore, it is important to redefine how your company deals with customer data security.

  • First, you’ll want to know what your obligations are as dictated by law. Some places, for example, require the destruction or deletion of personal data through shredding, erasing, or by rendering them undecipherable.
  • Second, not only do you need to comply with the said requirements, you’ll also have to prove in court that you actually complied if ever a security breach does happen.
  • Third, you need to be aware of your post-breach duties to avoid being dealt additional penalties.

Obviously, such situations now call for individuals who are experts in both the legal and technical aspects regarding data security. Such individuals are practitioners of a relatively new discipline known as computer forensics.

Armed with our computer forensics specialists, we’ll be able to help you deal with the above concerns. As a result, you can be prevented from having to pay fines that can go up to hundreds of thousands of euros.

There are other equally important reasons why you would want to avail of computer forensics services. For example, you’ll need computer forensics specialists because you want to:

  • Catch a person involved in criminal activities such as child porn, stealing of personal data, and destroying intellectual property.
  • Investigate a computer, network, or even a mobile device for clues that may lead to the culprit.
  • Determine the extent and possible causes when you discover your digital data has been damaged.
  • Find and recover damaged, deleted or encrypted data regardless of whether the cause was intentional or not. If the data in question will be used as evidence in a legal action, there are certain procedures that need to be followed during recovery operations to retain the integrity of the data. Computer forensic specialists are highly qualified for such operations.
  • Implement security policies in your organisation. Such policies have to operate within legal bounds if you want to avoid possible sanctions in the future. These policies should also be designed such that future forensic operations can be conducted with a high likelihood of success.

That said, a company that integrates computer forensics into its IT security policies and practices will be better equipped to remedy the situation once data security has already been compromised than a company that doesn’t.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today