Author Archives: Edward McGarr
GDPR – Start now!
If you do not know about the personal data you hold, you cannot comply with the GDPR. So, trace the flow of personal data in your company. Bear in mind that the personal data of employees is covered by the GDPR. Compliance with the GDPR will involve those self-same employees. They will need training in the application of the principles of the GDPR in your organization. Possibly you are obliged to appoint a Data Protection Officer (DPO). If so, even […]
GDPR and Brexit (whatever that means)
There is probably a book yet to be written on the interplay between the General Data Protection Regulation and Brexit, but some elements can be seen now. Unusually, the GDPR permits the introduction of some national legislation on data protection issues. They include occasions where a legal obligation mandates the processing of personal data, or the processing relates to a public interest task, or the processing is carried out by a body with official authority. There are others. As a […]
GDPR; Personal data belongs to people
The EU deferred the application of the GDPR personal data rules for two years to allow organisations to make the necessary internal changes to reach compliance. The first, and possibly the most difficult, is to perceive what is stated in the title here; personal data belongs to the data subject. Personal data, collected by you, is not owned by you. Think of it as money. Less than one year from now, your organisation must be able to account for personal […]
Why bother with the GDPR?
Here is news that was not (to my knowledge) on RTE. Deep Root Analytics maintained a database on an estimated 62% of the population of the USA. It contains what is known as “sensitive” information on the population. It is being used to profile the US population. The GDPR is designed to prevent the processing of exactly such a database as Deep Root Analytics possesses. Companies like Deep Root Analytics believe that the information they have collected is theirs, not […]
Spoiling the Ship
When the EU passed the GDPR as directly effective law it deferred the implementation of the GDPR for two years to allow organisations to make the necessary changes to comply with the law. One year of that two year period has passed. Many companies and organisations have not even begun to make the necessary changes. For some of them, there is not now enough time to make the necessary changes to reach compliance by 25th May 2018. There is a […]
GDPR; Getting ready for Privacy by Design
Article 25 GDPR requires organisations to adopt privacy by design and by default. Generally, these will come as new principles in data protection implementation to many of the organisations obliged to adopt those principles before 25th May 2018. That’s the date the Regulation comes into force. Failure to do this will be easily detected; under Article 30 GDPR organisations are obliged to establish and maintain a register of data processing activities. Implementation of privacy by design and by default should […]
GDPR: Is your business a Foinavon?
Less than one year from now every business holding (i.e., processing) personal data will have undergone a significant process of internal change or will, more likely than not, be in breach of the GDPR. The change process will have started at the top of the business and will have devolved downwards in the form of training (and other changes). With a considerable amount of work businesses can make the necessary changes. Those businesses that succeed in changing and adapting will […]
GDPR; The Peril of holding data without good title
If you belong to some form of “circulating library” of personal data, less than one year from now you will encounter an excruciating dilemma. Under Article 14 of the GDPR you must notify the data subjects, whose data you have just received, of that fact and of your intentions with regard to the data. If you fail to do that you will be in breach of the Regulation. If you do it, the data subjects may direct you to delete […]
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) comes fully into effect on 25th May 2018. I suggest this soundbite to sum up the GDPR; “Nothing about me without me”. The phrase is not new, it comes most recently from the UK National Health Service in the terms “No decision about me without me”. Under the GDPR, processing of personal data (possession is processing) must be legal; it must be lawful. Each act of processing must be confirmed to be lawful and documented. That […]
One Year Plus One Month
There is a revolution coming; in fact it has arrived. The revolution is favourable to persons, to individuals. A person is, in principle, entitled to control of her data. If government or commercial interests wish to use that data they must comply with the General Data Protection Regulation (GDPR). The GDPR is current law and comes into effect on 25th May 2018. That date represents a cliff-edge. That edge has been made more severe due to Brexit. Brexit, as the […]