What GDPR Means in Practice for Irish Business

The General Data Protection Regulation (GDPR) is a European directive aimed at ring-fencing consumer data against illegal or unnecessary access. There is nothing to discuss or debate with local politicians, or the Irish Data Protection Commissioner for that matter. As a European directive, it has over-riding power. To obtain an English version, please visit this link, and select ?EN? from the table of languages.

As you reach for your tea, coffee or Guinness after sighting it, you will be glad to know the Irish Data Protection Commissioner has the lead in turning this into business English we understand. The following diagram should assist you to obtain a quick overview of the process we all have to go through. In this article, we briefly describe what is inside Boxes 1 to 12. The regulation comes into force on 25 May 2018 so we have less than a year to get ready.

The 12 Essential Steps to Implementing the General Data Protection Act

1. Create awareness among your people of what is coming their way. The GDPR has given our regulator discretion to dish out fines up to ?20,000,000 (or 4% of total annual global turnover, whichever is greater) so there is determination to make this happen.

2. Become accountable by understanding the consumer data you hold. Why are you retaining it, how did you obtain it, and why did you originally collect it. Now you know it is there, how much longer will you still need it? How secure is it in your hands, have you ever shared it?

3. Open a communication channel with your staff, your customers, and anyone else using the data. Share how you feel about how accountable you have been with the information in the past. Explain how you plan to comply with the GDPR in future, and what needs to change.

4. Understand the personal privacy entitlement of the subjects of the information. They have rights to access it, correct mistakes, remove information, restrict its use, decline direct marketing, and copy it to their own files. What needs to change in your systems to assure these rights?

5. Issue a policy for allowing consumers access to their information you hold. You must process requests within a month, and you may not charge for the service unless your cost is excessive. You may decline unfounded or excessive demands within your policy guidelines.

6. Adapt to the requirement that you must have a legal basis for everything you do with, and to consumer data. You need to be in a position to justify your actions to the Irish Data Protection Commissioner in the event of a complaint. Having a legitimate interest is no longer sufficient.

7. Ensure that consumer consent to collect, use, and distribute their data is ?freely given, specific, informed, and unambiguous.? From 25 May 2018 onward, this consent will be your only ground to do so. You cannot force consent. Your benchmark becomes what the GDPR says.

8. Issue rules for managing data of underage subjects. This is currently under review and we are awaiting results. Put systems in place to verify age. Set triggers for where guardians must give consent. Make sure age is verifiable. Use language young people understand.

9. Introduce a culture of openness and honesty, whereby breaches of the GDPR are detected, reported, investigated, and resolved. You will have a duty to file a GDPR report with the Data Protection Commissioner within 72 hours, thus it is important to fast track the process.

10. Introduce a policy of conducting a privacy assessment before taking new initiatives. The GDPR calls for ?privacy by deign?, and we need to engineer it in. This may be the right time to appoint a data controller in your company, and start implementing the GDPR while you have time.

11. You may also need to appoint a data protection officer depending on the size of your business. Alternatively, you need to add managing data protection compliance to an employee?s duties, or appoint an external data-protection compliance consultant.

12. Finally, and you will be glad to know this is the end of the list, the GDPR has an international flavour in that multinational organisations will report into the EU Lead Supervisory Authority. This will manage the process centrally while consulting national data authorities.

The GDPR is a project we all need to complete. If we are out of line, it is in our interests to get things straightened out. Once everything is in place, the task should not be too onerous. Getting there could be the pain.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Denizon’s Business Continuity Services

Disruptions to business operations can be as catastrophic as a Hurricane Katrina or a 9/11 or as relatively trivial as a minor power outage or a planned shutdown. What ever the gravity, scope and duration the disruption has, your company should be able to handle each situation so that you can declare “business as usual” and really mean it. (more…)

Will UK Retailers Skim the Cream with ESOS?

The British Retail Consortium (BRC) was quick out on the starting blocks with an ambitious plan to cut energy costs by 25% in 5 years. Their ?25-in-5? initiative is chasing a target of ?4.4 billion savings during the duration. Part of this program involves ?cutting a path through a complex and inaccessible policy landscape?. BRC believes this drawback is making its members think twice about making energy efficiency investments.

The UK?s sprawling network of grocers, department stores and malls is the nation?s second most hungry energy customer, having spent ?3.3 billion on it in 2013 when it accounted for almost 20% of carbon released. If you think that sounds bad, it purchased double that amount in 2005. However the consortium believes there is still more to come.

It bases this assumption on the push effect of UK energy rates increasing by a quarter during the duration of the project. ?So it makes sense to be investing in energy efficiency rather than paying bills,? Andrew Bolitho (property, energy, and transport policy adviser) told Business Green. The numbers mentioned exclude third party transport and distribution networks not under the British Retail Consortium umbrella.

The ?complex and inaccessible policy landscape? is the reflection of UK legislators not tidying up as they go along. BRC cites a ?vast number of policies ? spreading confusion, undermining investment and making it harder to raise capital?. The prime culprits are Britain?s CRC Energy Efficient Scheme (previously Carbon Reduction Commitment) which publishes league tables and ESOS. Andrew Bolitho believes this duality is driving confused investors away.

The British Retail Consortium is at pains to point out that this is not about watering things down, but making it simpler for participating companies to report on energy matters at a single point. It will soon go live with its own information hub providing information for retailers wishing to measure consumption at critical points, assemble the bigger picture and implement best practice.

Ecovaro agrees with Andrew Bolitho that lowering energy demand and cutting carbon is not just about technology. We can do much in terms of changing attitudes and providing refresher training and this does not have to cost that much. Studies have shown repeatedly that there is huge benefit in inviting employees to cross over to our side. In fact, they may already be on board to an extent that may surprise.

Disadvantages of Spreadsheets

Spreadsheets are flexible, inexpensive and easy to use. They are especially handy when it comes to beating report submission deadlines or making impromptu data computations. That’s why office workers, managers and even executives have made spreadsheets their go-to solution for such undertakings and more.

Spreadsheets have become so ubiquitous, that they’ve found their way into a wide range of applications including complex modelling, accounting reconciliations, market data analysis, work flow tracking and monitoring, analytical review and financial reporting.

Unfortunately, organisations heavy reliance on spreadsheets have made these User Developed Applications (UDA) into high-risk office tools. Simple spreadsheet errors like leaving out a negative sign or a cut-and-paste mistake have already caused million-dollar discrepancies. Also, when a fraudulent employee enters into the picture, the risks become unimaginable.

Think TransAlta?s spreadsheet cut-and-paste glitch (the company later called this a ?simple clerical error?) which caused the energy firm a whopping $24 million loss or Fidelity?s overstatement of its earnings owing to the omission of the minus sign on the spreadsheet of a $1.3 billion net capital loss.

In both cases and in many other similar spreadsheet fiasco, the errors played a major role in the organisation’s decision-making, leading to disastrous results including, but not limited to financial loss, shattered investor confidence and public embarrassment.

If these are scenarios your organisation can ill afford, then it’s time to ask yourself: Do the disadvantages of spreadsheets far outweigh their benefits to merit a call for total liberation from them?

More Spreadsheet Blogs


Spreadsheet Risks in Banks


Top 10 Disadvantages of Spreadsheets


Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry


How Internal Auditors can win the War against Spreadsheet Fraud


Spreadsheet Reporting – No Room in your company in an age of Business Intelligence


Still looking for a Way to Consolidate Excel Spreadsheets?


Disadvantages of Spreadsheets


Spreadsheet woes – ill equipped for an Agile Business Environment


Spreadsheet Fraud


Spreadsheet Woes – Limited features for easy adoption of a control framework


Spreadsheet woes – Burden in SOX Compliance and other Regulations


Spreadsheet Risk Issues


Server Application Solutions – Don’t let Spreadsheets hold your Business back


Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Ready to work with Denizon?

Contact Us Today