The Irish Data Protection Commissioner (DPC) has issued guidance on compliance with the General Data Protection Regulation (GDPR), which will come into force on May 25, 2018 and replace the existing European data protection framework under the EU Data Protection Directive. The new data privacy regime is expected to result in enhanced transparency, accountability, and individuals’ rights, while optimizing organizational approach to governance and management of data protection as a corporate issue.
The guidance, titled “The GDPR and You, General Data Protection Regulation, Preparing for 2018,” urges all organizations to not delay the preparation for the GDPR and to “immediately start preparing for the implementation of GDPR by carrying out a ‘review and enhance’ analysis of all current or envisaged processing in line with GDPR.” Proper preparation for the GDPR may help avoid regulatory fines, which can range up to €20,000,000 or 4% of total annual global turnover, whichever is greater.
The guidance consists of a checklist that aims to provide clear direction on how organizations can prepare for compliance with the GDPR in Ireland. However, organizations will find it useful when preparing for the GDPR anywhere in Europe. The checklist is organized around the following twelve points.