October Friday Briefing on Data Protection

18 Oct 2017

GDPR Friday Briefing

The Congress October Friday Briefing was delivered by Laura Flannery from the Office of the Data Protection Commissioner. Laura gave an overview of the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. The briefing was fully subscribed, with over 40 representatives of our affiliated trade unions in attendance.

Laura strongly emphasised the necessity for organisations to have proper data protection policies in place, with this information provided in user-friendly, easily accessible language, particularly when children are involved.

She reiterated the eight main principles regarding the holding of information on subjects:

  1. Obtain and process information fairly;
  2. Keep it only for one or more specified, explicit and lawful purposes;
  3. Use and disclose it only in ways compatible with these purposes;
  4. Keep it safe and secure;
  5. Keep it accurate, complete and up-to-date;
  6. Ensure that it is adequate, relevant and not excessive;
  7. Retain it for no longer than is necessary for the purpose or purposes;
  8. Give a copy of his/her personal data to that individual on request.

The protection of data integrity is essential, and Laura outlined three methods of ensuring this:

  1. Pseudonymisation (replacing any identifying characteristics of data with a pseudonym, or, in other words, a value which does not allow the data subject to be directly identified);
  2. Anonymisation (processing data with the aim of irreversibly preventing the identification of the individual to whom it relates);
  3. Cryptography (a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it).

Laura drew particular attention to the fact that Trade Union Membership falls under the category of ‘sensitive data’ for the purposes of the Act.

Under the GDPR, from May 2018 fines of up to €20 million or 4% of group worldwide turnover (whichever is greater) against both data controllers and data processors can be imposed on a company for failure to comply with legislation.

There were a number of questions from the audience regarding trade union membership, the conducting of ballots and DAS, and Laura answered all of these in an informative way.

Under the GDPR, Laura advised that it was best to take a ‘common sense’ approach, and that people who are currently compliant won’t find it difficult to address the additional elements introduced by the GDPR. When looking at the regulations, she recommended that each union put in place and document its own Data Protection Policy; however, she said that unions would have a lot of common issues around data protection and should look at liaising with one another in terms of a common policy.

You can find out more about the GDPR in The Congress Guidelines.

Also please refer to www.gdprandyou.ie