Most people have heard of the term data protection, generally in the context of large scale data breaches such as those that have been reported in relation to Bank of Ireland, the HSE and the GAA. So what do the Data Protection Acts really mean for the average company?
Below you will find a short guide to what you should think about in relation to data protection to ensure that you comply with the Acts. Most importantly we have outlined what the Data Protection Commissioner advises in relation to keeping your data safe and secure. iPing Limited would be happy to advise you on the best methods for securing your data, computers and network.
Ask yourself the following questions in relation to your company:
- Is your company a data controller, i.e. does your company CONTROL the contents and use of personal data? Bear in mind that personal data is any data relating to a living, identifiable individual.
- Does your company PROCESS personal data on behalf of a data controller? Consider that the meaning of "process" is very wide under the Acts and covers practically any use or storage of data.
- Does your company process SENSITIVE data? Sensitive data is data relating to a person's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or physical or mental health, or information relating to any proceedings for an offence committed.
If you fall into any of the above three categories, you need to consider whether you need to REGISTER with the Data Protection Commissioner (for more information see www.dataprotection.ie). Certain categories of businesses are exempt; are you one of these? If not, your failure to register is an offence.
COMPLIANCE CHECKLIST WITH DATA PROTECTION OBLIGATIONS
- Your company should analyse what categories of records containing personal data it holds e.g. employment records, financial information, medical records.
- Are the individuals to whom the data relates aware that this data is being held?
- Have you told the data subject what use you make of his/her personal data?
- Is all data collected relevant to the purpose for which it is processed?
- Do you have adequate security measures in place to protect personal data?
- Do you have appropriate procedures in place to ensure that personal data is kept up to date?
- Do you have a defined policy on retention periods for your personal data?
- Do you have a data protection policy in place, including data protection notices?
- Have you a plan for what would happen if there was a breach of personal data?
- Do you have procedures in place for handling requests from individuals?
- Are your staff trained appropriately in data protection?
- Do you regularly review and audit the data which you hold?
HOW CAN iPING LIMITED HELP YOU?
Under the Data Protection Acts personal data must be kept SAFE AND SECURE. Your company has a duty to secure the data which it controls. The consequences of failure can be serious for both you and the person to whom the data relates.
To comply with the Acts, your company should have appropriate security measures in place against unauthorised access to, or alteration, disclosure or destruction of, personal data.
The Data Protection Commissioner has given some guidelines in order to ensure you comply:
ACCESS CONTROL:
- The Commissioner recommends the use of passwords, smart cards or other forms of identity authentication.
- What data do your staff need access to? Consider whether your staff should only have access on a need-to-know basis.
- Keep access logs and audit trails.
TECHNICAL SECURITY:
- Consider whether your data should be encrypted. Have you adequate anti-virus software installed? Do you need a firewall?
- Do you have automatic screen savers on your staff's computers, and do they lock after periods of inactivity?
- Is your data backed up?
- What is your disaster recovery plan?
- Take care with wireless networks and remote access.
REMOVABLE DEVICES: How many of the data breaches we have all read about in the papers related to the loss of a laptop? Laptops are probably the devices most vulnerable to theft or accidental loss. The Commissioner therefore recommends that you restrict the extent of personal data held on such devices and ensure they have the same security measures as on-site devices. Ensure data is backed up onto the main system, and delete data from the device once it is no longer needed.
THE HUMAN FACTOR:
- Make your staff aware of your clearly defined security policy.
- Prohibit the writing down or sharing of passwords.
- Email attachments should not be opened prior to anti-virus screening.
PHYSICAL SECURITY:
- It may be obvious but make sure your office is locked and alarmed at the end of the day.
- Consider the location of your computers and ensure screens are not visible to members of the public.
- Be careful with how you dispose of print-outs etc.; always shred personal or sensitive data.
TAKE NOTE: Your company has a continuing obligation to keep data secure in line with current technological developments.
If you need our advice on how to keep your data SAFE AND SECURE, email Mark at iPing or call us on 01 5241350.
Disclaimer: The above is for information purposes only and does not represent legal advice.