RIADXIreland is an outsourced provider of IT Support to small (SOHO) and medium sized business. We offer a range of remote services and contracts to help manage time and expense.
Our engineers are all experienced in Windows, Networks, Broadband and Wireless and all security aspects of keeping your data safe. Their aim is to make sure that your office is productive at all times.
All work completed is guaranteed and come with a no quibble excuse promise.
Our aim is to leave you smiling when we leave your office. Our team is Irish based and available to log in.
If you would like to receive a free on-site IT survey then contact us today.
* (subject to Terms and Conditions)
________________________
Operating across Dublin since 2004
GDPR Compliance Information
What is the GDPR?
The General Data Protection Regulation is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data. It came into effect on 25 May 2018.
What information does the GDPR apply to?
Does the GDPR only apply to EU organisations?
How can I prepare?
Getting ready for the GDPR – a practical self-assessment tool
Our 12 steps to take now checklist and
A dedicated advice line for small organisations.
My firm employs fewer than 250 people. Am I exempt from the GDPR?
Do I need to appoint a data protection officer (DPO)?
Can I have specific guidance for my sector
What are the rules under the GDPR for subject access requests?
Can you help me decide what to include in my privacy notice?
concise, transparent, intelligible and easily accessible
written in clear and plain language, particularly if addressed to a child; and
free of charge.
What are your criteria for issuing monetary penalties? in her blog post of 9 August 2017.
The controller’s adherence to codes of conduct and approved certification mechanisms
The extent to which the data controller notified the supervisory authority of the infringement and co-operated with it.
How do I access the ICO’s advice services?
Do I always need consent?.
Is parental consent always required when collecting or processing children’s personal data?
offering information society services (ISS) directly to children; and
wishes to rely on consent as its basis for processing. and asks for comments on her draft Children and GDPR guidance.
When does the right to data portability apply?
to personal data an individual has provided to a controller;
where the processing is based on the individual’s consent or for the performance of a contract; and
when processing is carried out by automated means.
What is large-scale processing?How do we know if we’re a processor or controller?
I want to know more about the rules on security under the GDPR
Does my organisation need to register under the GDPR?
The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. You can find more detail in the key definitions section of our Guide to the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
You can find the latest ICO guidance on the new legislation in our Guide to the GDPR.We will regularly update it and you can check it for the latest position.
We are also here to help. As well as these FAQs, we’ve created a package of tools aimed at small and micro businesses:
The GDPR is an evolution of the existing law. If you are already complying with the terms of the Data Protection Act 1998, and have an effective data governance programme in place, then you are already well on the way to being ready for the GDPR.
Our Deputy Commissioner Steve Wood explains how the GDPR need not be a burden
You’ll have to comply with the GDPR regardless of your size, if you process personal data.
Size is a factor in a range of areas including the requirement to maintain records of processing. There’s more information about documentation in our Guide to the GDPR.
Under the GDPR, you must appoint a DPO in certain circumstances. There’s a section on DPOs and when they need to be appointed in our Guide to the GDPR.
Our guidance focuses on the general application of the GDPR. But we are engaging with representatives from a variety of sectors to provide sector-specific advice which could inform key pieces of guidance produced by influential industry bodies.
The right of access under the GDPR contains important differences around fees, time limits, refusals, electronic format, refining requests and method of access. There’s more detail in the Individual rights section of the Guide to the GDPR.
The GDPR sets out the information that you should supply and when individuals should be informed.
The information you supply about the processing of personal data must be:
There’s more information in our Right to be informed section of the Guide to the GDPR.
Further advice is available in our code of practice on privacy notices.
Heavy fines for serious breaches reflect just how important personal data is in a 21st century world.
Information Commissioner Elizabeth Denham explains more about fines under the GDPR
There are certain criteria that need to be assessed before imposing a fine, many of which are similar to those the ICO would consider when determining whether to impose a penalty under the DPA, such as: the number of people affected, any damage to the data subjects, the negligent or intentional nature of the infringement and action taken by the data controller to mitigate the damage.
However, the GDPR has introduced some new criteria, such as:
Europe-wide guidance on administrative fines
We’re also in the process of updating our regulatory action policy to reflect the new law.
As well as fines we will have other tools to help us change the behaviour of organisations such as warnings, reprimands or corrective orders. We will always exercise our powers proportionately and judiciously.
We’ve set up a dedicated advice line for small organisations. But you can also get in touch via live chat or email. Click on the ‘Contact us’ link on the blue footer from any page of the ICO website.
In short, no. Consent is one lawful basis for processing, but there are five others. Consent won’t always be the easiest or most appropriate.
You can get more information about all the lawful bases in our Guide to the GDPR.
You should always choose the lawful basis that most closely reflects the true nature of your relationship with the individual and the purpose of the processing. If consent is difficult, this is often because another lawful basis is more appropriate, so you should consider the alternatives.
It’s your responsibility to identify a lawful basis for processing under the GDPR.
There are also checklists on consent to help in the Guide to the GDPR.
The GDPR contains new provisions intended to enhance the protection of children’s personal data, in particular, privacy notices and parental consent for online services offered to children.
Article 8 imposes conditions on children’s consent, but it does not require parental consent in every case. Other lawful bases may still be available. Article 8 only applies when the controller is:
So if an ISS is actually intended for parents to use, or if the controller is relying on a different lawful basis such as legitimate interests, then Article 8 won’t apply.
We’ve included a section covering this topic in our Guide to the GDPR. Information Commissioner Elizabeth Denham explains more about children’s consent in her blog from 21 December 2017
The right to data portability only applies:
There’s more detail in the Individual rights section of the Guide to the GDPR.
The GDPR does not define what constitutes large-scale processing. However, processing may be on a large scale where it involves a wide range or large volume of personal data, where it takes place over a large geographical area, where a large number of people are affected, or it is extensive or has long-lasting effects. In many cases it is unlikely that small organisations will be processing on a large scale processing.
Examples of large scale processing can be found in question 3 of the Article 29 Working Party FAQs on data protection officers.
A controller determines the purposes and means of processing personal data.
A processor is responsible for processing personal data on behalf of a controller.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
There’s more information in the Key definitions section of our Guide to the GDPR.
You can use our Getting Ready for the GDPR self assessment tools to help you prepare, which is part of our Data protection self assessment toolkit.
The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used. You can find more guidance in the security section of our Guide to the GDPR.
If you needed to register under the Data Protection Act 1998, then you will probably need to register, and pay a relevant fee, under the Data Protection (Charges and Information) Regulations 2018.
The new Regulations came into force on 25 May 2018.
You can find more detail in our Guide to the Data Protection Fee.