The General Data Protection Regulations (GDPR) are coming into force on the 25th May 2018. As a regulation, the GDPR will have a direct effect on the Irish law system, including the Data Protection Acts 1988 & 2003 and the Data Protection Directive 95/46/EC.
The GDPR focus is on standardising the European citizen’s right to data privacy, as well as emphasising transparency, security and accountability by data controllers.
Fines: The GDPR is providing data protection authorities with administrative fines which can turn out to be devastating for organisations. It allows fining for non-compliance of up to €20mln or 4% of total annual global turnover (whichever is greater) for the most serious breaches.
The new regulation will make it easier for individuals to request copies of data relating to them.
At the moment employees are liable to pay a fee of €6.35 and wait for up to 40 days, for the copies of the data to be supplied to them.
However under the GDPR, this request is now free of charge and an employer now has only 30 days to process the request.
An employer is now also required to provide an employee with additional information such as information on how long data is being stored and the right to have inaccurate data concerning them corrected.
Mandatory reporting of data breaches has also been introduced.
At the moment only some organisations are obliged to do this. Once the GDPR comes into force, all organisations will be obliged to report any data breaches to the Data Protection Commissioner within 72 hours.
Breaches that are required to be reported are those that are likely to bring harm to an individual. In addition any concerned individual needs to be informed about the breach also.
A failure to report it could result in a fine, as well as a fine for the breach itself.
Some companies will be required to appoint a Data Protection Officer. Such organisations include:
If your organisation is compliant under the existing law, your approach will be valid under GDPR.
The following are the main principles of Data Protection.We recommend that you make sure that your organisation is compliant with these, as this will vastly help you in the case of any inspection under GDPR:
The GDPR introduces a number of significant changes that every employer must be aware of and be sure to comply with, in order to avoid significant penalties.. We recommend that Employers;
Finally, here are a few questions to bring you one step closer to being compliant:
This update is provided by the MSS HR Support Service. For further details on the General Data Protection Regulations or on other HR services please email firstname.lastname@example.org.