The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
As a regulation, it will not generally require transposition into Irish law (regulations have ‘direct effect’), so organisations involved in data processing of any sort need to be aware the regulation addresses them directly in terms of the obligations it imposes. The GDPR emphasises transparency, security and accountability by data controllers, while at the same time standardising and strengthening the right of European citizens to data privacy.
The office of the Data Protection Commissioner (DPC) is aware that the increased obligations that the GDPR places on companies might cause some anxieties for business planners. This document is the first in a series that will issue in the run-up to the 25th May 2018 implementation date. The aim is to try to alleviate some of those concerns, and facilitate a smooth transition to future data privacy standards for data controllers and data subjects alike.
The GDPR 12-Steps
1. Becoming Aware
2. Information you hold
3. Communicating Privacy Information
4. Individuals’ Rights
5. Subject Access Requests
6. Lawful Basis
7. Consent
8. Children
9. Data Breaches
10. Data Protection by Design and Data Protection Impact Assessments
11. Data Protection Officers
