Title: The General Data Protection Regulation (GDPR)
will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
Author: Ireland, The office of the Data Protection Commissioner (DPC)
Full Text & Source: http://gdprandyou.ie/wp-content/uploads/2017/05/The-GDPR-and-You-2.pdf
As a regulation, it will not generally require transposition into Irish law (regulations have ‘direct effect’), so organisations involved in data processing of any sort need to be aware that the regulation addresses them directly in terms of the obligations it imposes. The GDPR emphasises the rights of individuals, while at the same time standardising and strengthening the right of European citizens to data privacy…
3. Communicating with Staff and Service Users
Review all current data privacy notices alerting individuals to the collection of their data. Identify any gaps that exist between the level of data collection and processing your organisation engages in, and how aware you have made your customers, staff and service users of this fact. If gaps exist, set about redressing them using the criteria laid out in ‘2: Becoming Accountable’ as your guide. Before gathering any personal data, current legislation requires that you notify your customers of your identity, your reasons for gathering the data, the use(s) it will be put to, who it will be disclosed to, and if it’s going to be transferred outside the EU. Under the GDPR, additional information must be communicated to individuals in advance of processing, such as the legal basis for processing the data, retention periods, the right of complaint where customers are unhappy with your implementation of any of these criteria, whether their data will be subject to automated decision making and their individual rights under the GDPR. The GDPR also requires that the information be provided in concise, easy to understand and clear language.
4. Personal Privacy Rights
You should review your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
Rights for individuals under the GDPR include:
• subject access
• to have inaccuracies corrected
• to have information erased
• to object to direct marketing
• to restrict the processing of their information, including automated decision-making
• data portability