Data Protection Consultancy Launched

18th April 2017

Posted In: FYI

Irish organisations must comply with new EU Data Protection Regulations within 12 months or face hefty fines and litigation

Any organisation that keeps personal data, including lists of customers, contacts or suppliers, has a little over a year to get its house in order so as to comply with the EU’s new General Data Protection Regulations (the GDPR) coming into effect on 25 May 2018. The GDPR shifts the onus firmly onto businesses to demonstrate that they are proactively engaged in data protection management. Organisations that fail to comply with the GDPR’s statutory requirements can face fines of €20 million, or 4% of annual global group turnover, as well as lasting damage to their reputation.

Frontier Privacy is a new Irish firm providing services to guide organisations through the new legislation and to help them put the systems and processes in place to better manage data. Lawyers Kate Colleary and Aoife Sexton founded Frontier Privacy with one guiding principle: to make sure that every organisation, no matter its size, can access expert, proactive and pragmatic data protection advice and solutions. Frontier Privacy’s services come as fixed-cost packages, so although each one is tailored to the client’s individual needs, there is full pricing transparency up front.

Frontier offers a comprehensive initial assessment via a detailed questionnaire which can be completed face-to-face or via Skype/phone. They then provide a very clear “traffic light” report setting out the findings such as: how data is collected, used and stored, who has access to it, what policies and procedures (if any) are already in place to manage and protect this data, who are the nominated personnel with access to the data and responsibility for it, etc.  Under the new legislation, all these elements must be identified and maintained in order to demonstrate compliance.

The results of the questionnaire are then used to create an action list with a view to moving the organisation towards compliance. These could include staff training, workshops and seminars, drafting documents, Data Protection Impact Assessments and more, all of which can be supplied by Frontier Privacy.

The effects of GDPR will be far-reaching. Consider the following:  collecting customer/user data; storing data in the cloud, transferring data between organisations or departments, HR related issued such as Garda vetting or dealing with sick certificates, designing privacy into the early development of a new project, dealing with a response to a data breach. This list is by no means comprehensive, yet all must be considered and policies put in place within the next 12 months to avoid the possibility of large fines, according to Colleary and Sexton.

Indications from Europe and the Data Protection Commissioner’s Office show that there will be no leeway in terms of implementation – companies will be expected to have adopted the appropriate measures at as of 25 May 2018. It takes time to get ready and to implement the new processes. Organisations need to act now in order to achieve compliance. For more visit here>>