What is GDPR

GDPR is an acronym for “General Data Protection Regulation”, which, is a regulation that has been approved by The European Parliament, European Commission and the Council of the European Union with the aim to strengthen and ultimately unify Data Protection for all persons within the European Union.

GDPR applies to Personal data and is defined as information regarding to an identifiable natural person, known as the “Data Subject”.  An identifiable natural person means a person who can be identified either directly or indirectly from information, particularly by reference to an identification such as ID number, name and/or location data.

Anonymised data will not be covered by the GDPR and is also currently not covered by The Data Protection Acts within Ireland. The familiar Data Protection terminology of “Data Processors” and “Data Controllers” are continued in use within the GDPR.

 

A Data Controller

A person that determines the exact purposes and the methodology by which the personal data is and will be processed. The ultimate responsibility for Data Protection Compliance ends with The Data Controller.

Negligence is not an excuse for a Data Controller. For a data controller to process data, they are to be aware of their responsibilities and cannot claim indemnification even if they were advised to conduct certain activates in a certain way from a separate person.

For more information please contact us at [email protected] or visit Data Protection Ireland.

 

A Data Processor

A person who processes personal data for a data controller. It is the Data Controller who decides the purpose and manner to be followed during the process, therefore they hold responsibility, and, it is the Data Processor who will process the data. Process means, any operation that is conducted upon personal data including but not limited to collection,  consultation, recycling and secure destruction.

Therefore, if a person hires a data processor to conduct a process on their data, it is the ultimate responsibility of the Data Controller to be in compliance. It is the ultimate responsibility of the data controller to be fully aware of the process being conducted and to know that the said process is in full compliance. There is no room for error/guessing.

For further information please contact our team at [email protected].

 

Examples of sensitive information that may require secure destruction:

Personal Information

Telephone Information

Driver License Details

Passport Details

Credit Card Details

Bank Account Details

Contact Addresses

Insurance Details

Employment Details

Client Information

Disciplinary Details

Performance Appraisals

Treatment Programs