The General Data Protection Regulation (GDPR) Awareness Coalition is a not-for-profit, fixed-term initiative designed to assist in raising awareness of the data privacy obligations for companies resulting from the implementation of the GDPR. L2 Cyber Security Solutions is a proud partner of this group.
The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The establishment of this initiative was motivated by the growing concern that GDPR awareness throughout Ireland is unbalanced among enterprise, construction and retail sectors. Coalition Partners include GDPR experts, as well as vendors, legal, fiscal, event and general collaborators.
Today, 28th March 2017 at 8:00am, the Irish GDPR Awareness Coalition launches its nationwide awareness campaign. L2 Cyber Security Solutions is one of the more than 60 partners that are working together to help raise awareness across all industries about the impending implementation of this new regulation across the EU.
The GDPR Awareness Coalition will be using a multitude of channels to get the message out there. We have our Website, Facebook, LinkedIn and Twitter where we will be using the #SimpleGDPR hashtag, as that is how we will be delivering our message – in a simple and easy to follow way.
For more information about this initiative or to get involved as an active GDPR Awareness Coalition Partner, please email email@example.com.
This EU regulation goes into effect on the 25th May 2018 and every organisation that stores and/or processes personal information of any EU Citizen must be in compliance on that day. We are in the honeymoon period now folks, so (a) you need to be aware that this is coming and (b) you need to prepare your organisation for it.
Here are 12 high-level steps that you can take to prepare for the GDPR:
- Awareness
Make sure decision makers and key people in your organisations are aware of what is happening.
- Information held
Document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit.
- Communication privacy information
You will need to explain your legal basis for processing the data, your data retention periods and that individuals have a right to complain.
- Individuals' rights
The main rights for individuals under the GDPR will be (a) subject access, (b) to have inaccuracies corrected, (c) to have information erased, (d) to prevent direct marketing, (e) to prevent automated decision-making and profiling, and (f) data portability.
- Subject access requests
You should update your procedures and plan how you will handle requests within the new timescales (30 days) and at no charge to the individual.
- Legal basis for processing
You should look at the various types of data processing you carry out, identify your legal basis for carrying it out and document it.
- Consent
You should review how you are seeking, obtaining and recording consent and whether you need to make any changes.
- Children
You should start thinking now about putting systems in place to verify individuals’ ages and to gather parental or guardian consent for the data processing activity.
- Data breaches
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
- Data protection by design
Carry out Data Privacy Impact Assessments (DPIAs) where you are introducing new technology, in order to establish a risk assessment.
- Data Protection Officers
The GDPR will require some organisations to designate a Data Protection Officer (DPO), for example public authorities or ones whose activities involve the regular and systematic monitoring of data subjects on a large scale.
- International
If your organisation operates internationally, you should determine which data protection supervisory authority you come under.
Look out for lots of useful and informative content on the various GDPR Awareness Coalition platforms over the next few months.