Common GDPR Questions…

What is the GDPR? (2017-12-06)

The EU General Data Protection Regulation (GDPR) was introduced to replace the Data Protection Directive 95/46/EC. It standardises data protection laws across the EU and aims to improve citizens’ privacy and more strictly regulate how organisations acquire and use your personal information.

When does the GDPR come into effect? (2017-12-06)

The GDPR comes into effect on 25th May 2018. It does not require any further legislation; it will immediately be in effect on that date.

What can happen if I don’t comply with the GDPR? (2017-12-18)

The maximum penalty under the GDPR legislation is 4% of annual turnover, or €20 Million – whichever is lowest. Less serious breaches can still bring a fine of 2% or €10 Million.

Examples of serious breaches of compliance might be not having customers’ consent to process information, or failing to notify the regulating authority and data subject in the event of a breach.

What can I do to ensure GDPR compliance? (2017-12-06)

In order to comply with the GDPR you should ensure that:

  • personal data you collect is processed lawfully, fairly and in a transparent manner
  • it is collected only for specified, explicit and legitimate purposes
  • it is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimisation’)
  • it is accurate and kept up to date, and that every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
  • it is held only for as long as absolutely necessary and no longer
  • it is processed in a manner that ensures appropriate security of the personal data

Do I need a Data Protection Officer? (2017-12-06)

Under the GDPR you must appoint a Data Protection Officer if you:

  • are a public authority (except for courts acting in their judicial capacity);
  • undertake large scale systematic monitoring of individuals;
  • carry out large scale processing of special categories of data or data relating to criminal convictions and offences.

Any organisation may appoint a DPO.  Whether you do or not, it is important that your staff know their responsibilities with respect to the GDPR.

What is the role of the Data Protection Officer? (2017-12-06)

Under Article 39, the minimum tasks of a DPO are:

  • To train staff with regard to their responsibilities under the GDPR
  • To monitor compliance with the GDPR.
  • To act as the first point of contact for authorities and individuals whose personal data is processed

The DPO must report to the highest management level in the organisation. They must operate independently and must not be penalised for doing their job.

What is ‘sensitive data’? (2017-12-06)

Sensitive data is data which uniquely identifies a person, such as DNA or other biometric information. Under the GDPR, individuals must give explicit (opt-in) consent to the use of sensitive data.

Some common terms regarding Data Protection (2017-12-06)

Data Subject:  A natural person

Personal Data:  Any information which can be used to identify a data subject, such as photographs, email addresses, bank details, social media posts, etc.

Data Controller:  The individual or entity with responsibility for the retention and use of personal data.  Data controllers have legal responsibilities, therefore it is important that you know whether or not you are a Data Controller.  Examples of Data Controllers are doctors, banks, clubs and societies, etc.

Data Processor:   A Data Processor holds personal information but does not control it, merely processes it on behalf of the data controller.  Examples might be accountants or market research companies.

What do ‘explicit’ and ‘unambiguous’ consent mean? (2017-12-06)

Under the GDPR, companies will be required to request consent clearly and unambiguously, in a manner that is easy to understand.  Legal jargon is to be avoided.  Withdrawal of consent must be as easy to achieve as granting it.

In the case of sensitive data, only explicit consent will suffice, i.e. the customer must explicitly ‘opt-in’.

Do I need a separate pack for each of my websites? (2018-01-08)

If you have multiple websites, you need a pack for each site. If they are closely related, one pack will cover all of them. For example, if you have two sites A. tomstractorsgalway.com and B. tomstractorsdublin.com – then one web pack can be used on both sites.

If however the sites are not closely related then you will need a separate pack for each site. For example A. tomstractorsgalway.com and B. peterskitchenknives.com – these sites are not related and as such are treated as separate businesses. Therefore you will require a pack for each site.

Can my policies be used on other businesses’ websites? (2018-01-29)

Simply put, no! Once your documents have been added to your site we then register your domain with our copyright and plagiarism system. Should anyone attempt to use your unique documents, we will be alerted straight away!

We will contact the offending site with instructions to remove your policy content from their site.

As a business owner, you are 100% responsible for ensuring your website is fully compliant with the GDPR by May 25th, 2018.

We provide unparalleled value with regard to compliance with the new GDPR law, which will affect your website on May 25th 2018. Our document pack is verified and approved for compliance by an independent solicitor, barrister and US attorney.

  • Fully Compliant Documents – Full cover for your website

  • Quick Turnaround – Ready for your site in under two weeks

  • Guidance Provided – Notes supplied for all documents

  • Proofread Policies – All documents have been checked by 3 independent proofreaders

  • Google Analytics & Facebook Pixels – use of common website technologies covered

  • Installation – Optional installation of policies on your website available **subject to terms and conditions

All your documents are protected using online copyright software which will notify us should anyone attempt to use your policy documents on any other website.


A fully compliant GDPR “terms of use” document for both general use and E-commerce sales where applicable. The Terms of use document gives you maximum legal protection and fulfils your obligations under the new GDPR legislation.

Each document is tailored to specific facets of your business and features of your website. The Terms of use document will have been independently verified by a solicitor, Barrister and US Attorney to ensure full compliance.

A user content agreement prevents misuse of your website and decreases your liability to third parties. It provides a number of legal remedies in the case of site breach to help keep you fully protected.

This Agreement document can be tailored to suit your individual needs and website features and will have been independently verified by a solicitor, Barrister and US Attorney to ensure full compliance.

A fully compliant GDPR privacy policy detailing full information about your data processing, data storage processes and processing of subject access requests.

This privacy policy is tailored to the specific processes of your business and features of your website. It outlines your use of personal data for marketing purposes.

This privacy policy will have been independently verified by a solicitor, Barrister and US Attorney to ensure full compliance.

A fully GDPR-Compliant cookies policy indicating all relevant use of cookies and related technologies used by the vast majority of websites across the web.

The technologies include Facebook Pixels, Google Analytics, and other similar technologies.

It can be modified to include any specific technologies or tracking system included on your website.

This Cookie Policy will have been independently verified by a solicitor, Barrister and US Attorney to ensure full compliance.

Each document you receive will be accompanied by a full guidance note which explains how to adopt the policies for your website should you wish to change any aspect of your website and need to update the documents as required.

The notes are straightforward and easy to follow, and provide you with instructions and a simple method of keeping your website compliant with the new GDPR.