EU GDPR – General Data Protection Regulation

The 25^thMay 2018, witnessed the biggest seismic shift in the landscape of data protection legislation in decades, with the implementation of the EU General Data Protection Regulation, (EU 2016/679). Suddenly the legal obligations for data protection compliance became real and the recognition that failure to comply would potentially result in the enforcement of strict sanctions and fines.

EU GDPR ACCOUNTABILITY

Implemented in response to the effects of the digital revolution and impacts of continuously evolving technologies, the challenging legislation was introduced primarily to prevent and restrict the exploitation of personal information. Additionally the EU GDPR was established with the objective to change the mindset of business owners and organisations regarding how personal information is collected and processed.

The concepts of Fairness and Transparency and Accountability underpin the legal framework of the EU General Data Protection Regulation. The expectation of Regulators is that Data Controllers and Data Processors respect the personal information which they process and that they honour their legal obligations to comply with the requirements of the legislation.

It is now three years since EU GDPR implementation and during this period there has been significant enforcement activity by Regulators regarding violation of personal information. Facebook, Twitter, and Google, are amongst those being named, shamed, and fined. In recent weeks Whats App has also joined this illustrious group, incurring a fine of €225m imposed by the Irish Regulator.

EU GDPR ACCOUNTABILTY AND YOU

EU GDPR Accountability is an “ongoing” project and can be described as the health and safety of personal information. It is crucial that the process is reviewed regularly to ensure that when any new technologies or procedures are implemented, that these additional processes satisfy data protection requirements.

The legal obligation for Data Controllers and Data Processors is for the implementation of a comprehensive Privacy Management Program, encompassing written policies and procedures which allow the processing of personal information.

Accountability is the legal requirement for businesses and organisations to collect, process and store personal information in a transparent and fair and legal manner in addition to implementing all appropriate operational and technical policies and procedures.

EU GDPR ACCOUNTABILITY CHECKLIST

The following list, which is by no means exhaustive illustrates some of the challenging and onerous demands enforced on Data Controllers and Data Processors to become “GDPR” compliant.

Is your business identified as a Data Controller, Data Processor, Joint Data Controller?
Are you mandated to appoint a designated Data Protection Officer?
How legal is your website?
What EU GDPR policies and procedures impact your business or organisation?
Have you identified the legal basis to collect and process personal information?
When is it mandatory to conduct a Data Protection Impact Assessment?

Let us eliminate the complexities of GDPR Accountability!

For information about any of the services we provide, click the button below to schedule a meeting.

Get in touch