Keep up to date: As May 25 approaches, there will be further clarity around the content of the national legislation. This will impact on how the Regulation will be enforced in Ireland. Members are encouraged to attend CPD sessions on the GDPR.
Where can I find further information on the GDPR? A link to the GDPR is available here: www.eur-lex.europa.eu/legalcontent/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN. The Irish Data Protection Commissioner’s Office has a website, which offers a broad outline of the GDPR and how it will impact businesses – www.gdprandyou.ie. At EU level, the Article 29 Working Party oversees the development of data protection rules throughout the EU, and publishes opinions and recommendations on various data protection topics. The newsroom is a good source of information and indicates how GDPR issues are being viewed by the legislators. It also publishes guidelines on specific issues from time to time: http://ec.europa.eu/newsroom/just/item-detail. cfm?item_id=50083. A GDPR section can be found in the members’ section of The Bar of Ireland website – www.lawlibrary.ie. Our weekly e-zine In Brief will have regular GDPR updates and links to all of the latest information. In addition, we will be running a series of events over the months ahead to assist members’ preparation for compliance.
Who can I talk to about GDPR compliance? Please send any queries you have in relation to the GDPR to jokane@lawlibrary.ie or contact the IT Helpdesk at ithelpdesk@lawlibrary.ie, or EXT 5500.
THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT YOU NEED TO KNOW
What is the GDPR?
What happens if I am not GDPR compliant?
The GDPR is a European Union (EU) Regulation that significantly increases
Unlike the current Directive, the new Regulation allows for administrative
the obligations and responsibilities for organisations and businesses in how
fines. For a serious breach of the GDPR (e.g., a major security breach),
they collect, use and protect personal data. The GDPR will bring significant
the maximum administrative fine is up to 4% of global turnover or ¤20
changes to current data protection laws.
million, whichever is higher. For other breaches (e.g., inadequate record keeping or failure to report a breach), regulators will have the power to
When does the GDPR take effect?
issue penalties of up to 2% of global turnover or ¤10 million.
The GDPR comes into force on May 25, 2018, and will come into effect
Also, data subjects have the right to claim compensation from the data
automatically across the EU on that date without each member state having
controller or processor. If data has been incorrectly held or used, and the
to pass a specific law to implement it.
individual has suffered damage, members could find themselves subject to legal action. The reputational damage of non-compliance should not be
Why is the GDPR important?
underestimated. Sanctions issued by the regulator will be in the public domain.
The current EU Data Protection Directive dates back to 1995, when Google did not exist and the internet was in its infancy. Technology has changed and
How should I prepare for the GDPR?
the legal basis for data protection has also changed. The Charter of
The Bar of Ireland is putting a range of measures in place to assist
Fundamental Rights of the European Union establishes that everyone has the
members in achieving compliance:
right to the protection of their personal data (any information about an individual). For individuals, who are known as data subjects, the GDPR
Avail of the technology solution: The Bar of Ireland has a technology
improves the protection of existing rights and introduces new rights. The GDPR
solution available for members based on Microsoft Office 365. Our Office
clarifies what organisations that process personal data must do to safeguard
365 platform ensures that your data remains in the EU and is encrypted. This
these rights and introduces significant fines for those in breach.
extends to all your email data and to files that you store in OneDrive storage.
For barristers, one of the biggest challenges involves ensuring that clients can
This Microsoft Office 365 solution allows each user up to five licences,
exercise those rights and ensuring that information is processed securely. This
thereby enabling it on up to five different devices. This technology is included
will involve an in-depth look at how consent is obtained for data processing
in your annual membership subscription, so no further charges will apply.
activities and a review of technical measures to ensure that personal data is adequately protected.
Access The Bar of Ireland guidance framework: The GDPR calls on member
How will the GDPR apply to me?
Bar of Ireland framework will suggest processes and procedures that should be
The GDPR will apply to every barrister who processes and holds the personal
put in place to ensure members are operating in accordance with the GDPR. The
organisations to provide a framework to assist members’ compliance activity. The
data of data subjects residing in the EU. The GDPR will apply equally to sole
framework is expected to widen as clarity develops around the impact of national
traders and multinationals, and barristers are required to be GDPR compliant.
supporting legislation, and consequently the requirements of the GDPR. The guidance is being prepared by a working group of The Bar of Ireland and
Who is responsible for compliance?
will be published in due course. Once published, the framework will ensure
As barristers are sole traders, each member is individually responsible for
that members have classified data, have a legal basis to process the
ensuring their own compliance. While The Bar of Ireland aims to assist
information, and can show policies associated with these activities. Data
members, it is up to each individual barrister to ensure compliance.
retention is a particularly important policy.