As a regulation, it will not generally require transposition into Irish law (regulations have ‘direct effect’), so organisations involved in data processing of any sort need to be aware the regulation addresses them directly in terms of the obligations it imposes.
The GDPR emphasises transparency, security and accountability by data controllers, while at the same time standardising and strengthening the right of European citizens to data privacy.
The office of the Data Protection Commissioner (DPC) is aware that the increased obligations that the GDPR places on companies might cause some anxieties for
This document is the first in a series that will issue in the run-up to the 25th May 2018 implementation date.
The aim is to try to alleviate some of those concerns, and facilitate a smooth transition to future data privacy standards for data controllers and data subjects alike.
Many of the main concepts and principles of GDPR are much the same as those in our current Data Protection Acts 1988 and 2003 (the Acts) so if you are compliant under current law, then much of your approach should remain valid under the GDPR.
However, GDPR introduces new elements and significant enhancements which will require detailed consideration by all organisations involved in processing personal data.
Some elements of GDPR will be more relevant to certain organisations than others, and it is important and useful to identify and map out those areas which will have the greatest impact on your business model.