General Data Protection Regulation Update

AUTHOR(S): Anne-Marie Bohan, Mark O’Sullivan, John Ryan
PRACTICE AREA GROUP: Technology and Innovation, Data Protection
DATE: 25.05.2017

Today, 25 May 2017, marks the one year countdown to the introduction of the General Data Protection Regulation (the "GDPR"). As the date draws nearer, it is important that organisations consider the impact of the GDPR on their business and any issues to be addressed before May 2018.

Irish legislation is required before May 2018 to fully implement the GDPR. Draft heads of that legislation were published recently, which set out an overview of the proposed sanctions regime and information on the restructuring of the office of the Data Protection Commissioner (the “Commissioner”). The new regime will include the ability to have up to three Commissioners. There are still a lot of open questions and the detail of the new Irish regime will need to be clarified. We will continue to track developments as the draft legislation progresses and keep you updated.

Summaries and analyses of the key concepts, rights and obligations under the GDPR are listed below. Please contact us if you require any advice or assistance in navigating the challenges of GDPR planning and implementation in your business.

1. Overview
2. Internal Privacy Audits
3. Data Controller Accountability
4. Data Processor Accountability
5. Transparency Requirements – Privacy Statements
6. Consent
7. Data Protection Officers
8. Privacy Impact Assessments
9. Data Subject Rights
10. Data Portability
11. Data Breaches
12. Remedies and Sanctions
13. Impacts on Asset Management Industry