Irish Data Protection Act 2018
The Trust Challenge

Key Obligations & Consequences

Data Protection Principles:

Controllers are responsible for compliance with a set of core principles which apply to all processing of personal data. Under these principles, personal data must be:

  • Processed lawfully, fairly and in a transparent manner (the "lawfulness, fairness and transparency principle").
  • Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (the "purpose limitation principle").
  • Adequate, relevant and limited to what is necessary in relation to the purpose(s) (the "data minimization principle").
  • Accurate and, where necessary, kept up-to-date (the "accuracy principle").
  • Kept in a form which permits identification of data subjects for no longer than is necessary for the purpose(s) for which the data are processed (the "storage limitation principle").
  • Processed in a manner that ensures appropriate security of the personal data, using appropriate technical and organizational measures (the "integrity and confidentiality principle").

The controller is responsible for and must be able to demonstrate compliance with the above principles (the "accountability principle"). Accountability is a core theme of the GDPR. Organizations must not only comply with the GDPR but also be able to demonstrate compliance, perhaps years after a particular decision relating to processing personal data was taken. Record-keeping, audit and appropriate governance will all play a key role in achieving accountability.

Data Security:

The DP Act requires enhanced “suitable and specific” measures to be implemented in relation to certain processing activities. In such cases, enhanced data security measures (including logs / audit trails and encryption) are listed in section 36 of the DP Act as one example of such measures.

Data Protection by Design:

Implement data protection by design and by default approaches to ensure the security and confidentiality of personal data.

The Trust Challenge

Key Challenges in brief:

Data Breach Notification

The controller must notify a breach to the supervisory authority without undue delay, and where feasible, not later than 72 hours after having become aware of it, unless the controller determines that the breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the personal data breach is likely to result in a high risk to natural persons, the controller is also required to notify the affected data subjects without undue delay.

Fulfillment of Data Subject Rights

The Irish DPA provides data subjects with the same rights with respect to their personal data as the GDPR. These rights give data subjects control over their data and may be processed under particular conditions and limitations.

  • Right to be informed: Data subjects have the right to be informed of when and how their data is being used and collected. This refers to the obligation of the data controller to inform and notify any relevant details to the data subjects for any important action taken on their data.
  • Right to access: On request of the data subject, an organization must provide the data subject with access to his/her personal data and information about the ways personal data has been or may have been used, disclosed, or processed by the organization.
  • Right to restriction of processing: This right applies when the accuracy of data is contested by the data subject and when processing is unlawful and the data subject opposes the deletion of the data. Data subjects need to be informed before any such restriction is lifted.
  • Right to data portability: The right to data portability allows data subjects to receive their personal data for their own purposes across different services in a structured and commonly used format.
  • Right to object: As per the Irish DPA, this right shall not apply to processing carried out in the course of electoral activities in the state by a political party, or a candidate for election to, or a holder of, elective political office in the state and by the Referendum Commission in the performance of its functions.
  • Right to Erasure: The right to erasure gives consumers the right to request deletion of all their data stored by the organization. Not only are organizations supposed to comply within 45 days but are also required to deliver a report on the deleted information to the consumer.
  • Right to rectification: Data subjects have a right to rectify and correct inaccurate personal data held by the organization.

Win-Win Situation

Solutions

Data discovery, inventory and mapping: Our AI-based, patented solution, TurtleShield PI (Privacy Intelligence) discovers all personal and sensitive data in structured and unstructured data systems across on-premises and multi-cloud environments.
TurtleShield DI (Data Inventory) enables organizations to inventory & map their entire “Data footprint”, enabling them to protect what matters the most.

Third-party Privacy Intelligence (monitors third-party sharing): Often there are silos within entities or between business and IT teams, and it is challenging to get a full picture of the data leaving and entering the organization, especially when data is shared with third parties, vendors, business partners and much more. Our TurtleShield PI (Privacy Intelligence) creates a data map based on your “data sharing” so that you can take action on it.

Data Minimization: TurtleShield DM (Data Minimization) helps businesses minimize excess data and adhere to the data minimization principle. This is a data hygiene control, and we approach it from a risk reduction and compliance perspective. We scan large data sets using Machine Learning to find excess data, including personal data. This can eliminate operational inefficiencies and save costs by removing unwanted data, along with the legal cost of holding it with respect to regulatory compliance.

Right to be Forgotten (RTBF) with Assured Deletion: TurtleShield RTBF (Right to Be Forgotten) gives businesses the capability to comply with mandatory deletion of personal data by deleting the data on request and validating the deletion.

Enable data subject rights with cost savings and compliance in totality: Search capability in large datasets to fulfill data subject requests in totality and at a rapid pace. The assumption that data exists only in databases and nowhere else often does not match reality, as customer data exists in many sources. Using Machine Learning and AI, we crawl across data sources and predict where PII can exist.
