A straightforward customer guide to Irish data defense regulation and your rights


Data security is everything about safeguarding your personal data. Yet what does this truly indicate?


Ian Long Solicitor This guide is by Ian Long, solicitor and information protection specialist with greater than twenty years’ experience in business of all sizes, including AIB Bank, Aon Corp., Bank of Ireland Group, Griffith University, Groupon International, IAC Applications, Pepper Asset Maintenance, as well as Ulster Bank.


A company or an organisation that deals with any kind of information regarding you need to take certain actions to safeguard it and also maintain it secure. Otherwise the details might be used to hurt you in all type of methods. Maybe made use of to market goods as well as solutions to you that you do not want or, worse, to take cash from your checking account.

Instances of individual information are your name, e-mail address, contact number and also bank account number.

What is ‘GDPR’?

The General Data Security Law (GDPR) is a lawful framework that puts down the guidelines for the handling of individual information about individuals. It uses not simply in Ireland however throughout the EU. The GDPR requires all firms as well as organisations, or ‘data controllers’, that process your individual data to comply with the new regulations.

‘Process’ includes practically whatever to do with managing personal information. This suggests collection, organisation, storage, alteration, usage, interaction, disclosure, removal as well as destruction of the data.

The GDPR aims to offer a level playing field for individuals across the EU in managing organisations that process their individual information. The brand-new regulations use in every Member State of the European Union.

Concepts of Information Security

The policies are laid out in the seven basic principles of data defense:

  • Lawfulness, justness as well as openness— there have to be a lawful basis for the information processing, as well as it has to be reasonable and also apparent to you.
  • Function restriction— the information can just be processed for the function(s) for which it was acquired from you.
  • Information minimisation— just the minimum amount of information can be made use of for the objective(s) of the information processing.
  • Precision— the information should be precise as well as up-to-date.
  • Storage space limitation— the data can only be kept for as long as required.
  • Honesty and also privacy — the information must be complete as well as safe and secure.
  • Responsibility— the business or organisation that is refining your data is accountable to you, i.e. they need to reveal they adhere to all of these rules.

The principle of Permission

  • Among the crucial needs of the GDPR is that your approval must be obtained for any processing of your personal data.
  • In order to give an educated permission, obviously you must be made aware of what’s being done. The data have to be confidential to the great level possible, in order to shield your personal privacy.
  • The data controller should alert the Data Protection Commission of any kind of individual information violation, e.g. an unsanctioned disclosure of your information.
  • If the company or organisation is above a particular dimension, it needs to designate a data security policeman to manage conformity with GDPR demands.

Defending your legal rights to privacy

The GDPR especially supplies that you have certain legal rights versus the data controller to make certain the privacy and protection of your data.

You have the right to:

  • ask the information controller to send, or ‘port’, your data to an additional firm or organisation;
  • ask the information controller to erase your data in specific scenarios, e.g. if it’s no more required (the ‘ideal to be forgotten’);
  • be educated of what information is being refined as well as why;
  • withdraw your grant the data handling;
  • ask for a duplicate of your information; as well as
  • request your information to be corrected/updated.

Taking lawsuit for non-compliance

An information controller will pay dearly for non-compliance with these requirements.

The GDPR allows you to take legal action versus the firm or make a complaint to the Data Defense Compensation. The Compensation has considerable powers and can enforce a fine of as much as EUR20 million or 4% of the firm annual turn over, whichever is better.

Obtain Legal Advice

If you have a lawful concern relative to information personal privacy or security, you can contact us below.

You May Also Like