Posts

The Data Protection Commission have published an information note on data breach trends identified by their Breach Assessment Unit in the first year of GDPR.

Some of the trends and issues identified by the Breach Assessment Unit include:

  • Late notifications;
  • Difficulty in assessing risk ratings;
  • Failure to communicate the breach to data subjects;
  • Repeat breach notifications; and
  • Inadequate reporting.

You can view the full information note here.

At Crowleys DFK, we are dedicated to helping you achieve GDPR compliance. Our Data Protection Support Services’ team offer the following services:

  • Preparing a Gap Analysis between current practices and those required under the current legislation and regulation.
  • Ensuring Data Protection, Records Management and Retention Policies and Procedures are in line with current legislation and regulations.
  • Conducting Data Mapping exercise.
  • Developing Privacy Notices/Disclosures for your organisation.
  • Determining if a Data Protection Impact Assessment is required by your firm and provide assistance in implementing.
  • Providing support to your appointed Data Protection Officer/Privacy Officer and ensuring their roles and responsibilities fully include the requirements under the GDPR.
  • Providing GDPR workshops/training to Board members and staff.

For assistance or advice on Data Protection, please contact Pamela Nodwell, Manager in our Governance, Risk & Compliance Department.

The General Data Protection Regulation (GDPR) will come into effect from May 2018 replacing the existing data protection framework. Are you preparing for GDPR? Here are 10 tips to consider:

1. Have you created awareness?

Staff should be made aware that the law is changing to GDPR. They need to appreciate the impact that this will have and how the company will need to plan to meet those commitments and evidence of compliance.

2. Have you nominated someone to be responsible?

You should nominate someone to be responsible for data protection compliance and assess where the role will sit within your organisation’s structure and governance arrangements.

3. Do you know what information you hold?

You need to document what personal data you hold, where it came from, consent received and who you share it with. You may need to organise an information audit to do this.

4. Are your privacy notices sufficient or do you have any?

You need to review your current privacy notices and put a plan in place for making any necessary changes in time for the GDPR implementation deadline.

5. Can you facilitate the rights of individuals?

  • Check your procedures to ensure they cover all the rights of individuals have, including how you would document your processing activities.
  • Clearly document all the data you hold.
  • Provide data electronically and in a commonly used format (portability).

6. Can you handle subject access requests?

You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information.

7. How do you handle or obtain consent?

  • You should review how you seek, record and manage consent and whether you need to make any changes.
  • Refresh existing consents now if they don’t meet the GDPR standard.

8. What do you do if there is a data breach?

You need to ensure you have the right procedures in place to detect, report and investigate a personal data breach.

9. How do you implement or evidence Privacy by Design and perform Data Privacy Impact Assessments (DPIA)?

You need to familiarise yourself with the various code of practice on Privacy Impact Assessments as well as the latest guidance from Article 29 Working Party, and work out how and when to implement them in your organisation.

10. Is your organisation an international organisation?

If your organisation operates in more than one EU member state (i.e. you carry out cross border processing), you should determine your lead data protection supervisory authority.

Talk to Us

Download our infographic of the top 10 tips to consider

Pamela Nodwell
Manager, Governance Risk & Compliance
pamela.nodwell@crowleysdk.ie