GDPR: A Gold Standard for Europe and Beyond

Key takeaways: GDPR: A Gold Standard for Europe and Beyond

• GDPR is seen as the most stringent data protection in the world.
• It puts control back in the hands of people.

What is personal data:

• Any information relating to an identified or identifiable living person.
• Sensitive data is given extra protection and includes things like religion, ethnic origin, trade union membership and data concerning health.
• This data must be safeguarded with extreme care.

What lawful bases can be used?

• If you’re collecting data for a particular purpose in mind you must determine the legal basis for doing so. For example, performance of a contract (employment contract), legal obligation, consent (it was redefined in 2018 due to its importance), public task.

Principles of processing

• Collecting data in a fair and legal manner.
• Be transparent about the purpose and limit the data to that purpose.
• Use integrity and confidentiality.

• The location of the data controller doesn’t necessarily have to be in the EU.
• New with GDPR – you must be able to demonstrate how it complies with the data protection principles.
• It is ultimately your responsibility to do due diligence with regard to data protection.
• It is a risk-based legislation. It is specifically focused on the risk to the data subject i.e. their rights and protection around the data.
• It is important to establish the risk of the data you’re processing and include this on your risk register. 
• GPDR is about putting the individual back in control of their data in some of the following ways:
  • The rights of a data subject is that they have access rights to their data and you must return it within 30 days. 
  • Inaccurate data should be corrected.
  • The right to be forgotten.
  • An individual can ask one data controller to pass their data to another data controller i.e. data portability.

Data breaches:

• It’s a breach of security if it leads to the loss or destruction of data.
• You’ve 72 hours to report a data breach to the DPC/SA.
• You must report a breach if it poses any risk to the data subject.
• Examples of data breaches: incorrectly addressed postal correspondence, incorrect email recipients, inappropriate disposal of paper records, unauthorised access to data, and loss or theft of devices.

The penalties:

• These are written into the GDPR.
• There is now a possibility to bring a private claim.
• Serious infringements by companies can have fines of up to €20,000,000.

What has happened since 2018 to now:

• A lot more activity including consultation and guidance.
• A number of fines and private claims. 
• Greater awareness amongst individuals.
• Greater control and transparency for data subjects.

GDPR as the gold standard:

• Since 2018 a number of jurisdictions have adopted elements of GPDR including:
  • PDPA 2019 – Thailand
  • PDPL 2019 Bahrain
  • LGPD 202 – Brazil
  • PIPL 2021 – China
  • Digital Personal Data Protection Act 2023 – India

It’s five years since GDPR was introduced as law across the EU. Individuals in this region now have unprecedented control over their personal data. To achieve this gold standard, data handlers now operate within the confines of strict regulations.

Join us for this webinar where we’ll put a spotlight on the purpose of GDPR and its impact on data protection regimes across the world during this time.

Use this informative webinar to deepen your understanding of:

– Regulatory fines, private lawsuits and reputational damage.

– The future of data protection law in the EU and the rest of the world.

GDPR continues to evolve with more and more people entrusting their personal data with cloud services. Keeping up to date on best practices is essential for every organisation. Your key takeaways:

– Clarity about what a robust data protection framework looks like.

– How to evaluate data protection for your risk register. – Understanding the territorial application of the GDPR.

Gillian is a Certified Data Protection Practitioner (CDPP) and graduated from DCU with an Honours Degree in Marketing and also holds a Post Graduate Diploma in Digital Marketing. Gillian is a business professional with over 2 decades’ experience working in eCommerce, Compliance, Technical Support and Customer Services. Gillian focuses on improving clients’ data protection compliance whilst also streamlining their business processes. She understands the intricacies of business, having worked in industry for 20 years and offers clients pragmatic GDPR, ePrivacy and data protection advice and solutions based on individual operational requirements. Gillian is a member of the Irish Computer Society and the Association of Data Protection Officers.

Jim holds a Masters in Economics from Trinity College Dublin and is a Qualified Accountant (FCMA, CGMA). He also holds an Advanced Diploma in Data Protection Law from the King’s Inns, , a Diploma in Corporate Governance from the Corporate Governance Institute and a Diploma in Leadership and Quality from RCPI. He has been a member of the Medical Council since 2018. Jim has over 35 years’ experience working in the health services. During his time in the HSE he was Secretary to the Board where he led the establishment and embedding of new governance structures and most recently was Head of Data Protection and Data Protection Officer for HSE, one of Ireland’s largest data processors. As its first full time DPO, Jim developed a roadmap for the implementation of a Data Privacy and Governance Framework for the organisation. He also managed the HSE’s data protection programme in relation to COVID-19 Testing and Tracing, Vaccination and Digital Covid Certificates and led the HSE’s data protection response to the May 2021 large scale Cyber-attack.