09 August 2019

Preparing for GDPR

As they prepare for GDPR, some businesses are finding that they need to update their data protection procedures and documentation, writes Feargal McCormack.

Amid all the talk of Brexit, it is easy to lose sight of other issues businesses are contending with at present. One of these is the General Data Protection Regulation, which applies to any organisation that collects or processes personal data of EU citizens, whether the organisation is in the EU or not.

 

The purpose of GDPR is to strengthen data protection for EU citizens by regulating the collection, storage, transfer and use of their personal data.

 

From 25 May 2018, organisations could incur fines of up to €20 million or four per cent of annual turnover if they are found not to comply with the regulation.

 

Currently, FPM clients are reviewing their data security and processes to identify potential weaknesses or gaps. Privacy impact assessments are an important part of this review.

 

While data protection legislation has been in place for a long time and most businesses have implemented appropriate controls over matters such as the collection, storage, use and retention of customer data, we are finding that in some instances procedures need to be updated, particularly where third party suppliers may have changed. For some businesses, the supply chain can be their biggest data protection risk.

 

Another potentially problematic area is marketing information, including the tracking of online activities. Tighter controls may be needed depending on where the data came from, the age of the data, the purpose for which it was collected and, where necessary, whether appropriate consent was obtained at the time of collection.

 

Documenting processes and obtaining evidence of compliance from third parties who process data is important. Where this documentation already exists, it may need to be updated.

 

Further information on GDPR is available on the Information Commissioner’s Office website, which recently launched a blog (https://iconewsblog.org.uk) to separate GDPR fact from fiction. The Irish Data Protection Commissioner also has a dedicated GDPR website, http://gdprandyou.ie

 

FPM clients who require advice on GDPR should contact our Governance and Risk Management team.

 

Feargal McCormack, Managing Partner,

        Feargal McCormack l Managing Director

f.mccormack@fpmaab.com
