The implications of GDPR on businesses is profound
and Hartnett Hayes can provide clear, concise advice
to businesses on the obligations imposed by GDPR
both in respect of client/customer data and employee
The General Data Protection Regulation imposes greater obligations than ever before on all parties storing and processing personal data while also giving regulators a range of sanctions to enforce compliance.
The decision by the Data Protection Commission (DPC) to issue draft rulings to WhatsApp and Twitter is a significant development. This follows the recent decision by the DPC to fine TUSLA the sum of €75,000 for three separate data breaches. This shows the DPC acting in response to the Advocate General, Henrik Saugmandsgaard expressing the opinion that the DPC should be more proactive in enforcing GDPR. This also shows that the significant sanctions in the form of large fines arising out of non-compliance with GDPR will be enforced against a small domestic organisation and not just the large multi-national tech companies. There can now be no doubt that GDPR compliance is something that all businesses must take seriously and indeed prioritise.
We at Hartnett Hayes Solicitors are well placed to advise in this area and have always regarded client privacy and confidentiality as an absolute priority and as such have implemented a Data Protection Policy to ensure compliance with GDPR and to ensure that we at all times adhere to best practice in this area. To this end, Hartnett Hayes has gone beyond the minimum requirement of GDPR and has embarked on the ambitious path of attaining ISO 27001 certification which is the international standard outlining best practices for an information security management system.
We can advise on a variety of issues to include:
- Data protection policies and notices in line with the GDPR obligations
- Obligations in relation to data protection audits and data protection impact assessments
- Data subject requests including data access requests, data erasure requests, data rectification requests and freedom of information requests
- Contractual arrangements for outsourcing data processing
- Drafting of policies and notices required under data protection law, including privacy statements, data protection policies, breach management policies, CCTV polices
- Data protection and privacy issues arising in the context of the employment relationship. This includes drafting privacy notices for employees, advising on data access requests and advising on data protection issues in workplace disputes.