Key actions to take to comply with the General Data Protection Regulation

19 Dec 2017

Preparation is key to the smooth transition to the new data protection standards set out under the General Data Protection Regulation (GDPR).

The sooner preparations commence, the easier it will be for businesses to transition to the new standards, as they will have time to ensure that they have adequate procedures in place to deal with the improved transparency, security and accountability.

If businesses are compliant with the existing data protection law, this is a good starting point to build on. However, there are a number of key actions that can be taken, some of which are set out below.

10 practical steps to take towards GDPR compliance

1. Carry out a data audit!

Document what personal data you hold, where it came from, why it was originally gathered, how long you will retain it, how secure it is and who you share it with – so that if you hold inaccurate information you will know this and be able to rectify it. You should identify (and document) the basis (under law) for your processing of personal data (eg processing is based on consent or processing is necessary to perform a contract), as some individuals' rights will be modified depending on your lawful basis for processing their personal data. For example, individuals have a stronger right to have their data deleted where consent is used as the lawful basis for processing.

2. Review privacy policies

Review your privacy policies in order to address the additional information requirements that are necessary under the GDPR. Information must be provided in concise, easy to understand and clear language.

3. Review your plan for dealing with access requests

Review procedures to ensure that they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format, if requested. Consider and plan how you will deal with requests from individuals (eg seeking access or deletion of their data). The timescale for processing requests has been shortened from 40 days to one month. If you handle a large volume of access requests, you should consider the logistical implications of having to deal with requests more quickly.

4. Review how you seek, record and manage consent

Review how you seek, record and manage consent and whether you need to make any changes to this process. You are not required to refresh all existing consents in preparation for the GDPR, but if you rely on consent to process personal data, you should ensure that it meets the GDPR standard on being freely given, specific, informed, unambiguous and in plain language.  If not, alter your consent procedures and seek fresh GDPR-compliant consent or find an alternative basis under the GDPR for processing personal data. 

5. Consider children and consent

In relation to children, consider whether you need to put systems in place to verify individuals’ ages and to obtain parental / guardian consent for any data processing activity. If you offer online services to children and rely on consent to collect information about them, then you may need consent from a parent / guardian in order to process the child’s personal data lawfully. The consent has to be verifiable and your privacy notice must be written in language that children will understand. 

6. Consider if you need to appoint a Data Protection Officer (DPO)

Consider whether you need to appoint a DPO. Even if you conclude that you do not need to appoint a DPO under the GDPR, you should still identify a person who is responsible for the organisation’s data protection compliance, taking care not to designate that person as a DPO, which would result in GDPR compliance requirements.

7. Review and update data breach procedures

Review procedures to ensure that you will be able to detect, report and investigate personal data breaches. You should have an incident response procedure in place for a personal data breach, with a clear plan of action, and ensure that it is implemented and tested, as it will need to be live by 25 May 2018.

8. Remember your employees and your suppliers

Your employees should be made fully aware of the implications of the changes and should be trained in the application of any new policies. Data Protection Impact Assessments (PIAs) may need to be conducted if required and measures should be adopted to mitigate risk.

Review your arrangements with suppliers as it may be necessary to make contractual amendments in order to comply with the GDPR. 

9. Start keeping records of your data processing activities 

You will also need to keep a record of data processing activities which must be provided to the Data Protection Authority, on request, to demonstrate compliance.

10. Consider the international element, if necessary

If your business operates in more than one EU Member State, you should map out where your business makes its most significant decisions about its data processing activities. This will help to determine your ‘main establishment’ and therefore your lead supervisory authority (LSA). This should be documented.

GDPR 10-step guide

Download a copy of Beauchamps' handy 10-step guide for the GDPR so you always have it to hand during your preparations. View 10-step guide.

Further guidance on the GDPR

We have examined the key provisions of the GDPR and the key steps organisations need to take to ensure compliance with the GDPR by the deadline, and created helpful guidance to support businesses in their preparations for its impact. View our dedicated GDPR page.

About the author

Maureen Daly

Partner

About Maureen

Maureen is partner and head of our technology & intellectual property team, and our data protection & freedom of information team. Maureen works with many of the world’s biggest domestic and global brands particularly in the food & beverage, technology & communications, pharmaceutical and retail sectors, SMEs, start ups, not-for-profit organisations and public sector bodies.
