The GDPR Regulation (EU) 2016/679 became effective on the same day as Ireland’s referendum on the Eight Amendment of the Irish Constitution. While most of the media attention centred on the referendum, the very significant changes introduced by the GDPR Reg passed into Irish law with limited public attention.
GDPR was the first significant European Union intervention into data protection and privacy since 1995 when Directive 95/46/EU was passed and introduced in Ireland through the Data Protection Acts 1988 and 2003. As GDPR is a Regulation, it has direct legal effect in Ireland and all other EU countries with any need for local legislation. As the Internet, mobile communications, and Social Media all extended globally since 1995, GDPR had much catching up to do!
While GDPR introduces significant increases in sanctions, fines, etc., it also imposes increased obligations on employers in relation to transparency and record-keeping. There are now much stricter rules around obtaining employee consent.
While GDPR impacts all aspects of our lives, some of the key provisions relating the employee in the workplace are:
- Stricter requirements for valid consent to data processing
- Enhanced rights for individuals
- Reduced time period for dealing with individual’s rights
- Obliging businesses to be clearer about how they use personal data
- Notification of data breaches within 72 hours of occurrence
- Right to Compensation for individuals
- Increased penalties for non-compliance
The Data Protection Commissioner has prepared an excellent document explaining the implications of GDPR for the individual – it can be accessed at:
https://www.dataprotection.ie/docimages/documents/The%20GDPR%20and%20You.pdf