GDPR Handbook

In May 2018, the law around Ireland’s data protection laws changed to be relevant to the digital world.

Although many principles remain the same as, or similar to, the earlier data protection law (known as the Data Protection Act), there are a number of key changes that you need to be aware of under the new law (known as the General Data Protection Regulation, or GDPR).

This handbook has been created to enable you to see at a glance not only the documents you need but also the guidance you need to put the documents into context.

Templates:

General privacy notice

The notice is used to advise those individuals that you engage with in business how you collect, handle, store and potentially also share, their personal data. It also describes the rights that Ireland’s data protection law (the GDPR) gives them in relation to your activities.

Access the general privacy notice template here 

Website privacy notice

This is something that all businesses with websites need to have. It advises the individuals that you do business with details of how you collect, handle, store and potentially also share, their personal data.

Like the general privacy notice, it also explains what rights are given to them in relation to your activities by Ireland’s data protection and privacy laws (the GDPR).

Access the website privacy notice template here

Job candidate privacy notice

This privacy notice is designed to inform individuals that apply for roles within your business of how you collect, handle, store and potentially also share, their personal data, as well as the rights that they have in relation to your activities, under Ireland’s data protection law.

Access the job candidate privacy notice template here

Employee, contractors and workers privacy notice

This privacy notice is for advising your employees, contractors and workers how you collect, handle, store and potentially also share, their data, as well as the rights that they have in relation to your activities, under Ireland’s data protection law.

Access the employee, contractors and workers privacy notice template here

Cookies policy

This policy is designed to sit alongside your website privacy notice and your website terms and conditions.

You should have a cookies policy that’s fully accessible on your website, as well as the standard cookie pop-up notice on your front/landing page.

Access the cookies policy template here

Guidance:

Data handling rules – and what GDPR means for small businesses

This guide teaches you the key facts of the GDPR and gives detail as to the main issues.

Access the GDPR small business guide here 

Essential steps to comply with Ireland’s data protection rules (GDPR)

This guide details the 14 essential steps that must be taken to comply with Ireland’s data protection laws, the GDPR.

Access the guide to GDPR compliance here 

GDPR checklist

A 14-point checklist for complying with the Irish data protection rules (GDPR)

This is an interactive checklist to help you keep track of the steps you’ve completed.

Access the 14-step GDPR-compliance checklist here

Data breaches under Irish data protection rules (GDPR) – What you need to know

This guide explains what a data breach is, what counts as a ‘notable’ breach, and what a notification of a data breach needs to include.

Access the guide to data breaches here

Do I need a data protection officer (DPO)?

This guide covers what a DPO’s duties are, who must appoint one, and who a DPO can be.

Access the guide to DPOs here

The right to be forgotten – what you need to know

This guide defines the right to be forgotten and explains where the right can and can’t be applied.

Access the guide to the right to be forgotten here

What does the Irish data protection rules (GDPR) mean for marketing activities?

This guide focuses on the GDPR’s impact on marketing activities within a business – and answers questions on what legitimate interests can be for communications and whether or not contacts can be held on email-marketing databases.

Access the guide to GDPR-compliant marketing here 

What is the accountability principle under the Irish data protection rules (GDPR)?

This guide lists the ways in which you can show you’re compliant with the GDPR, as made your responsibility by the law’s accountability principle.

Access the guide to the accountability principle here

What should you do if your business data has been compromised?

This guide lists the steps to take depending on the type of data compromise your business may have. It also shares some tips for preventing your data being compromised.

Access the guide to business data compromises here 

How to check your contracts comply with Irish data protection rules (GDPR)

This guide explains how you can ensure your contracts are GDPR compliant (besides the employment ones, which are covered in the guide above).

Access the guide to GDPR-compliant contracts here

Subject Access Requests (SARS) under the Irish data protection rules (GDPR), rights to rectification and the right to restrict processing

This guide informs you of when you’d need to provide the data after receipt of a Subject Access Request, it shows you how to respond to rectification requests and provides detail regarding data processing restrictions.

Access the guide to SARS here

Information to be provided to individuals under Irish data protection rules (GDPR)

This guide lists the 2 types of information that you must give to individuals to be compliant with GDPR legislation.

Access the guide to providing information to individuals here