Call McGarr Solicitors on: 01 6351580

Home » Blog » Archives for Edward McGarr

Author Archives: Edward McGarr

Digital Rights Ireland

In January 2012, in the case of Digital Rights Ireland Ltd. v The Minister for Communications & Ors., the High court referred certain questions to the CJEU (ECJ) under Article 267 TEU. In the events that happened the ECJ struck down or found invalid Directive 2006/24/EC in the course of the hearing of the referred questions. The High court is now hearing the parties (Digital Rights Ireland Ltd. and the Minister for Communications & Ors.) in the resumed proceedings, interrupted […]

More

GDPR – Start now!

If you do not know about the personal data you hold, you cannot comply with the GDPR. So, trace the flow of personal data in your company. Bear in mind that the personal data of employees is covered by the GDPR. Compliance with the GDPR will involve those self-same employees. They will need training in the application of the principles of the GDPR in your organization. Possibly you are obliged to appoint a Data Protection Officer (DPO). If so, even […]

More

GDPR and Brexit (whatever that means)

There is probably a book yet to be written on the interplay between the General Data Protection Regulation and Brexit, but some elements can be seen now. Unusually, the GDPR permits the introduction of some national legislation on data protection issues. They include occasions where a legal obligation mandates the processing of personal data, or the processing relates to a public interest task, or the processing is carried out by a body with official authority. There are others. As a […]

More

GDPR; the data is not yours

The EU deferred the application of the GDPR for two years to allow organisations to make the necessary internal changes to reach compliance. The first, and possibly the most difficult, is to perceive what is stated in the title here; personal data belongs to the data subject. Personal data, collected by you, is not owned by you. Think of it as money. Less than one year from now, your organisation must be able to account for personal data in very […]

More

GDPR – Gambling

Reputedly, many businesses and organisations are still trying to get out of bed (or even are still asleep) with regard to compliance with the GDPR. There is just one word to describe this situation; gambling. Just 11months from now, if a business or organisation suffers a data breach, Article 33 GDPR requires them to notify the Regulator and Article 34 requires them to notify the data subjects whose data has been violated. Two scenarios open up; either the business will […]

More

Why bother with the GDPR?

Here is news that was not (to my knowledge) on RTE. Deep Root Analytics maintained a database on an estimated 62% of thepopulation of the USA. It contains what is known as “sensitive” information on the population. It is being used to profile the US population. The GDPR is designed to prevent the processing of exactly such a database as Deep Root Analytics possesses. Companies like Deep Root Analytics believe that the information they have collected is theirs, not the […]

More

Spoiling the Ship

When the EU passed the GDPR as directly effective law it deferred the implementation of the GDPR for two years to allow organisations to make the necessary changes to comply with the law. One year of that two year period has passed. Many companies and organisations have not even begun to make the necessary changes. For some of them, there is not now enough time to make the necessary changes to reach compliance by 25th May 2018. There is a […]

More

GDPR – Privacy by Design

Article 25 GDPR requires organisations to adopt privacy by design and by default. Generally, they are new principles in data protection. Consequently, organisations will be obliged to adopt those principles before 25th May 2018 in order to become GDPR compliant as the Regulation comes to apply on that date. Failure to do this will be easily detected; under Article 30 GDPR organisations are obliged to establish and maintain a register of treatment activities. Implementation of privacy by design and by […]

More

GDPR: Is your business a Foinavon?

Less than one year from now every business holding (i.e., processing) personal data will have undergone a significant process of internal change or will, more likely than not, be in breach of the GDPR. The change process will have started at the top of the business and will have devolved downwards in the form of training (and other changes). With a considerable amount of work businesses can make the necessary changes. Those businesses that succeed in changing and adapting will […]

More

GDPR; receiving data

If you belong to some form of “circulating library” of personal data, less than one year from now you will encounter an excruciating dilemma. Under Article 14 of the GDPR you must notify the data subjects, whose data you have just received, of that fact and of your intentions with regard to the data. If you fail to do that you will be in breach of the Regulation. If you do it, the data subjects may direct you to delete […]

More