Lose Personal Information At Your Peril
Posted on 9th October 2019 at 21:49
The General Data Protection Regulations came into effect last year. Their general effect is that if any person holds data (personal information) which identifies any other individual, they have a legal duty to keep that data safe.
If that data is sent to third parties without the other individual's consent, then you can be reported to the Data Protection Commissioner, who has the power to hit you with a very substantial fine.
More importantly, the person whose data has been breached can sue in the civil courts. Compensation of up to €15,000 is being awarded. Do you have data protection procedures? Have your clients/customers given their consent for you to release their data? If not, you could be at serious risk.
Every business, whether it is a sole trader or a small company, will have staff who handle the personal information of either its customers or its employees. If you provide goods and services for other businesses, it could be that you hold the personal information of the Directors of the businesses that you deal with.
This is especially the case where you are required to obtain personal information, such as photographic identification and utility bills showing the person's name and address, to comply with anti-money laundering legislation. Without even realising it, you consequently become liable for the personal data that you hold.
You also need to check out a number of things when obtaining the services of online companies. Online companies, even those based outside of the European Union, are now likely to have dedicated E.U. services, with their cloud software based primarily in E.U. data centres.
The difficulty is that while these are the primary data centres for your E.U. business, their backups could be outside of the European Union jurisdiction. You need to get confirmation from the service provider that this is not the case, prior to signing up to a service.
Regardless of whether or not you have difficulty obtaining confirmation from the service provider, especially where they are a non-European service provider, you still require the consent of the people from whom you have obtained personal information.
For that reason, these consents should be obtained in up-to-date contracts that you sign with your customers, clients and, of course, your employees. You may need to get specific consents if the contract that you are relying on is an older contract.
As previously outlined, the potential fines for breaches of the Data Protection Act 2018 are severe.
Not only can you be fined by the Data Protection Commissioner, but you may also end up on the wrong end of a Circuit Court application for damages by an individual who has had their data protection rights infringed, all as a result of actions by you, your employees or somebody with whom you have transacted business.
If you have any queries in relation to Data Protection (GDPR) please contact Marcus Lynch, Solicitor, email marcus.lynch@lynchlaw.ie, call 01 873 2134 or fill in the ‘Contact Us’ form on www.lynchlaw.ie.