TEL: +353 (0)1 902 0500
25th May 2018

GDPR Compliance

The biggest change in data protection in Ireland and Europe came into force on 25 May 2018 with the General Data Protection Regulation (GDPR). Non-compliance risks reputational damage, an audit by the Data Commissioner, an increased risk of a data breach and a fine of up to 4% of global turnover.

All Irish businesses have to ensure that they are GDPR compliant in the collection, processing and storing of personal data.

Atlantic Compliance has the skills and expertise to advise and support your business with its Data Protection and Compliance needs. We offer a wide range of services.

Statistics (source: DPC 2018 SME GDPR Awareness survey): Irish SMEs currently working towards GDPR Compliance; have identified steps needed for GDPR Compliance; GDPR Compliance Requirement.

Frequently Asked Questions about GDPR Compliance

As GDPR compliance is a complex issue, we have put together some Frequently Asked Questions for our clients.

What is personal data?

Personal data is more than just a person’s name, date of birth and address. It is any information a company may hold that directly or indirectly identifies an individual. For example, if your employee sends an email regarding another of your employees, that is personal data. If you are holding a person’s data for direct marketing purposes, your company has to ensure that it holds the data for the reasons that person believes you are holding it, and that it manages that data in a responsible way.

What is data protection?

Data is the biggest asset your business has. It is the information you have collected over time and use to run your business. Data protection is the management of your data, ensuring that it is kept compliant, safe, up-to-date and reliable. The new General Data Protection Regulation (GDPR) covers 6 Principles of data protection:

1. Personal data shall be processed fairly, lawfully and transparently.
2. Personal data shall be collected only for specified, explicit and legitimate purposes.
3. Personal data shall be adequate, relevant and limited to what is necessary for processing.
4. Personal data must be accurate and kept up to date.
5. Personal data must be kept in a form such that the data subject can be identified only if it is necessary for processing.
6. Personal data must be processed in a manner that ensures its security.

What is ‘processing’ data?

Processing data is anything to do with data such as collecting it, filing it, storing it, deleting it, archiving it or putting it into a file.

Why do I need to be GDPR compliant?

Here are 5 reasons why you need to be GDPR compliant:

1. It’s the law – the General Data Protection Regulation (GDPR) came into force in Ireland on 25th May 2018. Atlantic Compliance Ltd. will help you meet these regulatory obligations.

2. Good business governance – it is good business practice to manage your data and to have formal retention policies for data. We will help you improve your data quality.

3. Run your business more efficiently – Atlantic Compliance Ltd. will help you improve productivity through clean data. Once all the redundant data is removed, your staff will no longer waste time on dead-ends.

4. Reduce the risk of reputational damage – which could result from a data protection breach. We provide a Breach Policy and advice to mitigate against this.

5. Support – Atlantic Compliance Ltd. will provide support and representation to your business if you get a data breach.

How can I become GDPR compliant?

A Gap Analysis is the first step in becoming compliant. It is a comprehensive assessment of how you collect, manage and store your data to ensure that you are GDPR compliant. Find out how Atlantic Compliance Ltd carries out a Gap Analysis.

What are the consequences of a Data Breach?

If your company suffers a data breach it is compulsory to report this to the Data Protection Commissioner. Previously only breaches deemed high risk had to be reported. After May 2018 companies could be fined up to 4% of their worldwide turnover, not just Irish turnover. This is in addition to suffering reputational damage and loss of confidence from customers and staff. A Data Protection Audit may be conducted on the company by the Data Protection Office which may be time consuming and stressful.

My company is not in the EU but we process data in the EU – does GDPR apply to me?

The new regulation also applies to any personal data of EU citizens which is stored outside the EU. If a company based outside the EU (such as a cloud storage service) stores data belonging to an EU citizen, it is also subject to the new rules. To solve the problem, you need to do a Gap Analysis to find out where you are currently and to prove to the Data Protection Commissioner that your company is compliant under GDPR.

How long will it take?

This depends on the size and complexity of the company, the maturity of data and what resources you can make available to us during the Data and Gap Analysis. The Pre-Audit Workshop will provide clarity along with the volume, types and uses of data that you have. After the Pre-Audit Workshop we provide plans and timeframes.

How much will it cost?

We offer a fixed price for organisations depending on the size and complexity of the company. There is no obligation to complete the full Audit and managed GDPR compliance after the Pre-Audit Workshop. We also offer a phased payment plan for the Gap Analysis and Audit Report. To set up a Pre-Audit Workshop.

Key Services

GDPR AUDIT

GDPR Workshops

Online Training
