
CCSIT Services

 

  • Project Management
  • Programme Management
  • Information Security Management
  • GDPR
  • PCI/DSS

 

GDPR (General Data Protection Regulation)

The European General Data Protection Regulation (GDPR) replaced the Data Protection Directive and came into force in May 2018. The Regulation applies to data controllers and data processors that keep or process any information about living people, who are referred to as data subjects. The GDPR enhances the rights and principles already defined in the Directive and the DPA, and it also introduces some more significant changes, such as:

  • A requirement to actively demonstrate compliance and document processing activities; 
  • Greater powers for supervisory authorities and increased reliefs available to data subjects. The Office of the Data Protection Commissioner (ODPC) has the ability to issue fines for non-compliance of up to €10M or 2% of global turnover (whichever is the greater) for serious breaches and up to €20M or 4% of global turnover (whichever is the greater) for extremely serious breaches; 
  • Mandatory reporting of data privacy breaches to the appropriate supervisory authority; 
  • Introduction of ‘privacy by design’ as a concept when developing, designing, selecting and using applications, services and products that are based on the processing of personal data; 
  • Requirement to complete Privacy Impact Assessments (PIAs) for change activity where there is a “high risk to the rights and freedoms” of the data subject or where processing is likely to be carried out on a large scale.

The ODPC in Ireland has urged organisations to carry out a review of all current and envisaged processing activity. This is complemented by guidance from other supervisory bodies such as the Information Commissioner's Office (ICO) in the UK, which has advised organisations to consider the following: information you hold; awareness and communication; rights of individuals; data subject access requests; legal basis for processing; consent; processing of children’s data; data breach reporting; privacy by design and PIAs; data transfers; and appointment of Data Protection Officers (DPOs).

All our consultants are GDPR Practitioner qualified, Auditor qualified, ISO 27001 Advanced Implementation and PCI PCIP (Payment Card Industry Professional) qualified.

CCSIT specialists can assist organisations with all aspects of General Data Protection Regulation (GDPR).

To discuss your requirements, please call us on +353 86 2397568 or email us at brianc@ccsit.ie