Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

Irish DPC Issues Guidance Note on the GDPR

13.04.2017

The Irish Data Protection Commissioner ("DPC") published a guidance note on the General Data Protection Regulation ("GDPR") in preparation for the most significant overhaul on data protection within the EU in over 20 years. The GDPR will apply from 25 May 2018 and aims to harmonise existing EU-wide data protection laws and will replace the existing framework introduced by the EU Data Protection Directive 95/46 EC.

The DPC's guidance is promised to be the first in a series that will run up until the GDPR applies and focuses primarily on how organisations should prepare to ensure their data processing activities are fully compliant with the GDPR ahead of the implementation date.

The recommendations include the following:

  • Data mapping: mapping out where an organisation makes its most significant decisions about data processing;
  • Designated responsibility: ensuring someone in an organisation or an external data protection advisor takes responsibility for data protection compliance and has the knowledge, support and authority to do so effectively; and
  • Data Protection Officers: considering whether the organisation will be required to designate a Data Protection Officer and, if so, whether the current approach will meet the GDPR's requirements.

The DPC emphasises that the adoption of "privacy by design" and "data minimisation" principles are already good practice and both principles are now enshrined in the GDPR. Accordingly, service settings must be automatically privacy friendly and new services and products being developed will need to take account of privacy considerations from the outset.

The note also reminds organisations that the GDPR will impose very significant fines for non-compliance of up to 4% of an organisation's annual turnover.

The DPC is a much stronger resource following a very substantial increase in its annual budget over the last few years, a significant expansion of the team and new offices ahead of the implementation of the GDPR ensuring that it will be able to enforce the new data protection regime from May 2018.

 

Article provided by Leo Moore (William Fry), attorney in Ireland.

 

Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

CPC project office: Dr. Tobias Höllwarth, tobias.hoellwarth@eurocloud.at

VIEW PROJECT

WHAT IS THE DPC/CPC PROJECT?

53 lawyers from 33 countries are contributing to the project “Data Privacy Compliance (DPC)/Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More

 

CPC MISSION & VISION STATEMENT, 2018

The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.