Preparing for GDPR
As they prepare for GDPR, some businesses are finding that they need to update their data protection procedures and documentation, writes Feargal McCormack.
Amid all the talk of Brexit, it is easy to lose sight of other issues businesses are contending with at present. One of these is the General Data Protection Regulation (GDPR), which applies to any organisation that collects or processes personal data of EU citizens, whether the organisation is in the EU or not.
The purpose of GDPR is to strengthen data protection for EU citizens by regulating the collection, storage, transfer and use of their personal data.
From 25 May 2018, organisations could incur fines of up to €20 million or four per cent of annual turnover if they are found not to comply with the regulation.
Currently, FPM clients are reviewing their data security and processes to identify potential weaknesses or gaps. Privacy impact assessments are an important part of this review.
While data protection legislation has been in place for a long time and most businesses have implemented appropriate controls over matters such as the collection, storage, use and retention of customer data, we are finding that in some instances procedures need to be updated, particularly where third-party suppliers may have changed. For some businesses, the supply chain can be their biggest data protection risk.
Another potentially problematic area is marketing information, including the tracking of online activities. Tighter controls may be needed depending on where the data came from, the age of the data, the purpose for which it was collected and, where necessary, whether appropriate consent was obtained at the time of collection.
Documenting processes and obtaining evidence of compliance from third parties who process data is important. Where this documentation already exists, it may need to be updated.
Further information on GDPR is available on the Information Commissioner’s Office website, which recently launched a blog (https://iconewsblog.org.uk) to separate GDPR fact from fiction. The Irish Data Protection Commissioner also has a dedicated GDPR website, http://gdprandyou.ie
FPM clients who require advice on GDPR should contact our Governance and Risk Management team.
Feargal McCormack | Managing Director