What GDPR Means in Practice for Irish Business

The General Data Protection Regulation (GDPR) is a European directive aimed at ring-fencing consumer data against illegal or unnecessary access. There is nothing to discuss or debate with local politicians, or the Irish Data Protection Commissioner for that matter. As a European directive, it has over-riding power. To obtain an English version, please visit this link, and select ?EN? from the table of languages.

As you reach for your tea, coffee or Guinness after sighting it, you will be glad to know the Irish Data Protection Commissioner has the lead in turning this into business English we understand. The following diagram should assist you to obtain a quick overview of the process we all have to go through. In this article, we briefly describe what is inside Boxes 1 to 12. The regulation comes into force on 25 May 2018 so we have less than a year to get ready.

The 12 Essential Steps to Implementing the General Data Protection Act

1. Create awareness among your people of what is coming their way. The GDPR has given our regulator discretion to dish out fines up to ?20,000,000 (or 4% of total annual global turnover, whichever is greater) so there is determination to make this happen.

2. Become accountable by understanding the consumer data you hold. Why are you retaining it, how did you obtain it, and why did you originally collect it. Now you know it is there, how much longer will you still need it? How secure is it in your hands, have you ever shared it?

3. Open a communication channel with your staff, your customers, and anyone else using the data. Share how you feel about how accountable you have been with the information in the past. Explain how you plan to comply with the GDPR in future, and what needs to change.

4. Understand the personal privacy entitlement of the subjects of the information. They have rights to access it, correct mistakes, remove information, restrict its use, decline direct marketing, and copy it to their own files. What needs to change in your systems to assure these rights?

5. Issue a policy for allowing consumers access to their information you hold. You must process requests within a month, and you may not charge for the service unless your cost is excessive. You may decline unfounded or excessive demands within your policy guidelines.

6. Adapt to the requirement that you must have a legal basis for everything you do with, and to consumer data. You need to be in a position to justify your actions to the Irish Data Protection Commissioner in the event of a complaint. Having a legitimate interest is no longer sufficient.

7. Ensure that consumer consent to collect, use, and distribute their data is ?freely given, specific, informed, and unambiguous.? From 25 May 2018 onward, this consent will be your only ground to do so. You cannot force consent. Your benchmark becomes what the GDPR says.

8. Issue rules for managing data of underage subjects. This is currently under review and we are awaiting results. Put systems in place to verify age. Set triggers for where guardians must give consent. Make sure age is verifiable. Use language young people understand.

9. Introduce a culture of openness and honesty, whereby breaches of the GDPR are detected, reported, investigated, and resolved. You will have a duty to file a GDPR report with the Data Protection Commissioner within 72 hours, thus it is important to fast track the process.

10. Introduce a policy of conducting a privacy assessment before taking new initiatives. The GDPR calls for ?privacy by deign?, and we need to engineer it in. This may be the right time to appoint a data controller in your company, and start implementing the GDPR while you have time.

11. You may also need to appoint a data protection officer depending on the size of your business. Alternatively, you need to add managing data protection compliance to an employee?s duties, or appoint an external data-protection compliance consultant.

12. Finally, and you will be glad to know this is the end of the list, the GDPR has an international flavour in that multinational organisations will report into the EU Lead Supervisory Authority. This will manage the process centrally while consulting national data authorities.

The GDPR is a project we all need to complete. If we are out of line, it is in our interests to get things straightened out. Once everything is in place, the task should not be too onerous. Getting there could be the pain.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Big Energy Data Management

Recent times have seen the advent of cloud based services and solutions where energy data is being stored in the cloud and being accessed from anywhere, anytime through remote mobile devices. This has been made possible by web-based systems that can usually bring real-time meter-data into clear view allowing for proactive business and facility management decisions. Some web based systems may even support multi utility metering points and come in handy for businesses operating multiple sites.

Whereas all this has been made possible by increased use of smart devices/ intelligent energy devices that capture data at more regular intervals; the challenge facing businesses is how to transform the large data/big volume of data into insights and action plans that would translate into increased performance in terms of increased energy efficiency or power reliability.

A solution to this dilemma facing businesses that do not know how to process big energy data, may lie in energy management software. Energy management software?s have the capability to analyse energy consumption for, electricity, gas, water, heat, renewables and oil. They enable users to track consumption for different sources so that consumers are able to identify areas of inefficiency and where they can reduce energy consumption, Energy software also helps in analytics and reporting. The analytics and reporting features that come with energy software are usually able to:

? Generate charts and graphs ? some software?s give you an option to select from different graphs

? Do graphical comparisons e.g. generate graphs of the seasonal average for the same season and day type

? Generate reports that are highly customisable

While choosing from the wide range of software available, it is important for businesses to consider software that has the capacity to support their data volume, software that can support the frequency with which their data is captured and support the data accuracy or reliability.

Energy software alone may not make the magic happen. Businesses may need to invest in trained human resources in order to realise the best value from their big energy data. Experts in energy management would then apply human expertise to leverage the data and analyse it with proficiency to make it meaningful to one?s business.

Large scale corporate transformation

Large scale corporate transformation are the necessary actions required to increase performance in an organisation. It leads to greater performance results and greater organisational growth. It is a lasting change and can range from getting new leaders to combining the functions of different departments. It can also involve the introduction of a new phase in the life of an organisation. Large scale corporate transformation can be measured using three variables. The first variable involves determining how deep the change penetrates to all levels of the organisation. The second variable measures how entrenched it becomes in the organisation while the third measure determines the percentage of the organisation covered in the change.

Corporate transformation is essential for a company that seeks to have a greater impact and a longer life in its business sector. The process requires time and resources. The whole establishment needs to support it for success. Not only does the top management need to back it, but stockholders and staff members also need to buy the idea. This is because when the process of corporate transformation hits a barrier, it will take the entire organisation to keep it on course and complete the process. Without the support of everyone, most organisations will not complete the process.

Business transformation in recent times has begun to combine finance, HR and IT departments into one functioning piece of an organisation. This has resulted in leaner, faster, and more efficient corporate entities that produce high results and has a greater impact in its overall functioning. These three key departments are the backbone of any organisation, and the combination of the three creates an efficient organisation that translates into high performance results.

One crucial aspect of large scale corporate transformation is IT transformation, which entails the entire overhaul of any organisation’s technology systems. It adopts a more efficient platform that enhances its overall operation. IT transformation involves the use of Service Oriented Architecture (SOA) and open systems. This process is the revamping of the existing technology used to support the organisation and is critical for aligning the business functions to the mission of the organization. It touches on the current hardware and software and how they can best be improved upon for greater results. This process is necessary in the entire business transformation.

The question that needs to be addressed is how any organisation can make this process successful. First, it requires the understanding that it is not just a goal to be achieved, but a new way of thinking embraced by the entire organisation. Secondly, the leadership in place needs to be fully involved and dedicated to the process and to realise that it takes time and effort to complete such a mission. There also needs to be flexibility and adaptability in order to learn from mistakes and keep moving forward. Constant communication is also critical to ensure that everyone involved understands the current stage and the next steps to be done. Change is the only constant and is necessary for progress and success.

Disadvantages of Spreadsheets – Obstacles to Compliance in the Healthcare Industry

Most of the regulatory compliance issues we talked about concerning spreadsheets have been related to financial data. But there are other kinds of data that are stored in spreadsheets which may also cause regulatory problems in the future.

In the US, a legislation known as HIPAA or Health Insurance Portability and Accountability Act is changing the way health care establishments and practitioners handle patient records. The HIPAA Privacy Rule is aimed at protecting the privacy of individually identifiable health information a.k.a. protected health information (PHI).

Examples of PHI include common identifiers like a patient’s name, address, Social Security Number, and so on, which can be used to identify the patient. HIPAA covers a wide range of health care organisations and service providers, including: health plan payers, health care clearing houses, hospitals, doctors, dentists, etc.

To protect the confidentiality, integrity, and availability of PHI, covered entities are required to implement technical policies such as access controls, authentication, and audit controls. These can easily be implemented on server-based systems.

Sad to say, many health care organisations who have started storing data electronically still rely on spreadsheet-based systems. Those policies are hard to implement in spreadsheet-based systems, where files are handled by end-users who are overloaded with their main line of work (i.e. health care) and have very little concern for data security.

In some of these systems, spreadsheet files containing PHI may have multiple versions in different workstations. Chances are, none of these files have any access control or user authentication mechanism whatsoever. Thus, changes can easily be made without proper documentation as to who carried out the changes.

And because the files are normally easily accessible, unauthorised disclosures – whether done intentionally or accidentally – will always be a lingering threat. Remember that HIPAA covered entities who are caught disclosing PHI can be fined from $50,000 up to $500,000 plus jail time.

But that’s not all. Through the HITECH Act of 2009, business associates of covered entities will now have to comply with HIPAA standards as well. Business associates are those companies who are performing functions and services for covered entities.

Examples of business associates are accounting firms, law firms, consultants, and so on. They automatically need to comply with the standards the moment they too deal with PHI.

 

More Spreadsheet Blogs

 

Spreadsheet Risks in Banks

 

Top 10 Disadvantages of Spreadsheets

 

Disadvantages of Spreadsheets – obstacles to compliance in the Healthcare Industry

 

How Internal Auditors can win the War against Spreadsheet Fraud

 

Spreadsheet Reporting – No Room in your company in an age of Business Intelligence

 

Still looking for a Way to Consolidate Excel Spreadsheets?

 

Disadvantages of Spreadsheets

 

Spreadsheet woes – ill equipped for an Agile Business Environment

 

Spreadsheet Fraud

 

Spreadsheet Woes – Limited features for easy adoption of a control framework

 

Spreadsheet woes – Burden in SOX Compliance and other Regulations

 

Spreadsheet Risk Issues

 

Server Application Solutions – Don’t let Spreadsheets hold your Business back

 

Why Spreadsheets can send the pillars of Solvency II crashing down

?

Advert-Book-UK

amazon.co.uk

?

Advert-Book-USA

amazon.com

 

Ready to work with Denizon?

Contact Us Today