Do Irish Companies need a Data Protection Officer? – Companies Ireland

onsite paper shredding, paper shredding ireland, shredding company ireland, data protection officer

Image source: gdpr-info

Companies in Ireland – the General Data Protection Regulation (GDPR).

Within the EU GDPR there is a mandate for certain companies including specific Companies operating in Ireland that a Data Protection Officer is appointed within their business.

This Data Protection Officer will be the “go to” person within Irish companies and will manage the responsibility for Data Protection Compliance.

Responsibilities for the Data Protection Officer include but are not limited to;

  • Monitoring the company’s compliance with The Data Protection Law, managing training of staff for data protection and carrying out audits within the Organisation.
  • Providing advice to the Organisation relating to their obligations under the GDPR
  • Acting as the main contact point within the Organisation for the local Data Protection Authority (The Data Protection Commissioner)

Not all Irish companies will require to have an appointed DPO.

The circumstances listed below will require companies in Ireland will have a DPO;

  • Public Authorities processing public data (except for courts in their judicial capacity)
  • The Company in Ireland has a core activity which involve data processing operations and “require regular monitoring of data subjects on a large scale
  • The core activities of the organisation involve the processing of sensitive personal data on a large scale.

The specific size of the above listed processing activity is not detailed within the GDPR. There is not identifiable cut off point but it would be advised that Irish Companies to act on the side of caution rather than face the extreme financial sanctions for breaking the Law.

Paper shredding Dublin, paper shredding Cork, Paper shredding Galway, Paper shredding Limerick, offsite paper shredding service Ireland, off site paper shredding service Ireland, Off site shredding service Ireland, mobile paper shredding Ireland

Under Article 58 of the GDPR, in Ireland, the Office of The Data Protection Commissioner will be able to fine Irish companies who are found guilty of a data breach. Article 58 does not differentiate between an accidental breach and a deliberate breach. Fines for a data breach have been increased to a maximum of 20 million Euro or 4% of their global turnover, whichever is the larger.

If there was ever an appropriate time for Irish Companies to review all of their data processing activities, identify to whom they are releasing data to both digital data and paper data, it is now before the fines are in place and enforced.

Within the GDPR, a single DPO can represent multiple organisations and does not have to be a member of staff belonging to the specific Company. Therefore, several organisations can collectively appoint one DPO to represent their combined interests.

Currently it is clear to see through research conducted that the expected compliance is not matched by the level of knowledge and awareness within the market. An underestimated figure of 28,000 Data Protection Officers will need to be appointed throughout Europe before the GDPR becomes law.

For more information upon compliance with the GDPR please contact the Security in Shredding team for assistance.

Save

Five tips for Data Protection Compliance

Mobile paper shredding, onsite paper shredding service, onsite paper shredding, paper shredding service, confidential paper shredding service, offsite paper shredding service, onsite paper destruction service, document shredding services

Image source; lbenitez

With the introduction of The General Data Protection Regulation this year it is essential for Organisations to know that they are complying with the legislation. The first step in compliance is awareness and this article will give a brief overview of some tips to take into account to protect your Organisation. From data consent to third party data processing such as a confidential paper shredding service, I aim to guide you in the right direction.

A. Consent

Always obtain the data subjects consent prior to holding or using their personal data. All forms both physical and web-based which are designed to gather personal information should contain a statement detailing what the information is to be used for.

B. Sensitive data

When dealing with sensitive personal (race, political opinion, mental health etc.) data additional measures should be in place to ensure the security of the data. When this data has reached its end of life always securely destroy the data through a paper shredding service.

Paper shredding Dublin, paper shredding Cork, Paper shredding Galway, Paper shredding Limerick, offsite paper shredding service Ireland, off site paper shredding service Ireland, Off site shredding service Ireland, mobile paper shredding Ireland

C. Individual rights

Be aware of individual’s rights when dealing with information held upon them. If preparing reports always be aware that individuals have the right to see all personal data held about them which also includes emails and informal notes that have not gone through your document shredding service in place.

D. Review files

Data should only be retained when and where absolutely necessary. Securely disposal of the data once it is no longer required through an onsite paper shredding service and/or an offsite shredding service with a data processing firm and under contract. Establish and record regular reviews of the data in your control.

E. Secure disposal of records

When discarding waste data in paper format it is imperative to treat them confidentially. Never discard end of life data with conventional recycling streams. Waste paper data is not the same as general sorted office waste (SOW) before it is destroyed due to the fines and penalties attached to them for a breach. Always hire a professional paper shredding company to secure shred all documents and receive a certificate of data processing. The same applies to waste electronic data carriers such as hard-drives, always securely destroy them through a hard drive shredding service.

For any advice upon data protection and making your Organisation compliant please do not hesitate to contact one of our team through our website www.securityinshredding.com.

You can also follow us on
Twitter, YouTube, LinkedIn, Google+

Save