GENERAL DATA PROTECTION REGULATION[1]
The General Data Protection Regulation (GDPR) will come into force on the 25th May 2018. This will replace the existing data protection framework under the EU Data Protection Directive.
As this is a regulation, it will not require transposition into Irish law due to ‘direct effect’. Therefore organisations involved in data processing of any kind need to be aware that the regulation will address them directly in terms of the obligations it will impose. The GDPR emphasises transparency, security and accountability on the part of ‘data controllers’ and ‘processors’, while at the same time standardising, harmonising and strengthening the data privacy rights of European citizens.
Many of the main concepts and principles of the GDPR are very similar to those in our current Data Protection Acts (1988 and 2003), therefore if you are compliant under current law, the majority of your framework will not need to be amended in order to comply with the new GDPR.
The DPC has created a GDPR-specific website www.GDPRandYou.ie to help individuals and organisations become more aware of their amended rights and responsibilities under the General Data Protection Regulation.
The DPC has also prepared an introductory document to help organisations as they transition to GDPR: “The GDPR and You”. This document lists 12 steps which organisations should take in order to be GDPR ready by the 25th May 2018. Please note that this is not an exhaustive list.