With the introduction of the New General Data Protection Regulation (GDPR) due to come into effect in May of 2018, the news of the Data Protection Commissioner’s Office (DPCO) expansion is a great development for Ireland and Irish Companies.
The expansion has been made possible through additional funding secured in the 2017 budget. With significant fines and penalty increases for non-compliance with The GDPR, making sure your Organisation is in compliance is essential.
Guidance to achieve compliance
To date, The DPCO has released guidance documents to help all individuals and Organisations to become aware of the legislative requirements. From record management, data access requests through to certified paper shredding, all Organisations will be required to review their practices.
With the significant number of Global Technology Organisations with operations in Ireland, coupled with Indigenous Irish Companies, the role and workload of the DPCO has grown to a Worldwide level.
The GDPR is a game changer in Ireland and across Europe. “It is a law that is going to lead the standard for data protection globally” said Dixon at the opening of The DPCO in Fitzwilliam Square, Dublin. She added, “It will include key new rights to better control for users of their personal data, and imposes corresponding obligations on organisations that collect data,”. This includes both digital data processed and stored upon data carriers in addition to the physical data printed and stored in paper format. End of life data, both in paper and digital format will be advised to be disposed of appropriately through a confidential shredding company.
Data Protection Officer appointment
One of the many new requirements under the GDPR is to appoint a Data Protection Officer. This requirement is for specific Organisations whose core business activities will consist of;
- Data Processing activities
- Large scale processing of the categories of data relating to criminal convictions
- Public Bodies & Authorities (excluding courts relating to their judicial capacity)
The Data Protection Officer is required to have a full knowledge of the risks associated with their Organisations processing activities. The GDPR has clearly identified the Data Protections Officer’s role as an independent one. They cannot be instructed upon the relevance of the DPO responsibilities or a matter relating to Data Protection.
Data Protection Officer Independence & Knowledge
Staff training upon Data Protection will be the responsibility of the Data Protection Officer in addition to providing expert advice upon data protection impact assessments. The newly appointed Data Protection Officer can also take on additional tasks if required to do so, depending wholly that there is no conflict of interest with GDPR compliance while completing the tasks.
For further information upon the GDPR and/or any Data Protection guidance please contact the team here at Security in Shredding.