The General Data Protection Regulation – GDPR – is the European Union's standard data protection law, in effect from 25th May 2018.
These regulations substantially increase the standards of data protection. Their implications and the duties they place on businesses are onerous. Non-compliance could result in substantial administrative fines as well as litigation seeking compensatory damages.
We offer a complete application, implementation and long-term oversight service providing your business with the assurance of adherence to the legislation via demonstrably transparent evidence-based compliance.
Our team have qualified in Data Protection law both in Ireland and abroad, within the EU and the USA, and offer the highest standard of EU compliance with these regulations regardless of the size of your business.
For small businesses who have a requirement to have a Data Protection Officer, we offer this service on a bespoke basis.
The Data Protection Commission wants companies to ensure compliance in its totality, or at least to be on a proactive trajectory towards full compliance, on or around the 25th May 2018.
The HR Brief provides your company with evidence-based transparent compliance with the principles of data processing:
Fair obtaining and processing of personal data
Ensuring data is collected in accordance with a lawful basis and processed only in accordance with the purposes for which it was collected
Data Minimisation: that only the data that is adequate, necessary and relevant for the processing purpose is collected
Transparency of processing – full disclosure of data processes and data sharing
Ensuring the data processed is accurate, complete and up-to-date
Data Retention is in compliance with consent, statutory and legal requirements
Safety & Security of Data
Access Requests and Data Subject Rights Enforcement
We can provide your business with any and all of the following stages of service provision:
Stage 1: Awareness – we will review your current data protection policy and procedures, advising and upgrading where there are shortfalls in GDPR Compliance.
Stage 2: Data Mapping – we carry out a data audit of your business to identify your collection, processing, retention and storage compliance.
Stage 3: Communications – we examine all of the communications you have, and are likely to have, with data subjects, customers, clients, service providers and business-to-business relations, including data subject access requests and exercises of GDPR rights, to ensure that all of them are in compliance with GDPR requirements.
Stage 4: Data Security and Storage – at this stage we review the physical security and the security architecture for information held in soft copy, working with your IT providers to ensure that standards of data security are in place operationally and within your network, including reviewing the method of storage and deletion.
Stage 5: Registers and Due Diligence – this involves putting in place data registers to ensure that the data mapping is recorded, that there is an internal breach register, that there is a register of personal data and a register of data processing. Also involved at this stage is a decision on the requirement for a Data Protection Officer and, if one is found to be required, putting in place a due diligence checklist and sign-off procedure.
Stage 6: Bringing it all together – on completion, we provide training to ensure that all administering personnel are aware of their individual obligations and are able to handle any queries that come their way.