Posts Tagged ‘GDPR’

GDPR News – Facebook Fined for Data Breach

Monday, July 16th, 2018

Last week it was announced that Facebook was fined €565,000 for a data breach relating to the Cambridge Analytica scandal. There appears to be a mixed reaction to this news, with many highlighting how small the fine is when compared to the net value of the company, estimated at over €500 bn.

An important aspect of this story is the timing of the breach. On 25th May 2018 the GDPR regulation came into force. This regulation introduces significant changes to the way companies gather, process and retain personal data, with penalties of up to 4% of the company's annual turnover (or €20 million, whichever is the higher) for a data breach.

The Cambridge Analytica scandal, however, occurred before these tougher penalties were brought in. If the same breach were identified today, just five months after this scandal was first exposed by the Guardian and the New York Times, the potential fine could have been €20 million.

This is a timely reminder to businesses that the GDPR is a significant legal change to the way companies use and retain personal data. If you need advice on your GDPR implementation strategy, get in touch with our GDPR project team at Voltedge Management: email us on compliance@voltedge.ie to speak to one of our experts.

Voltedge News

Monday, May 21st, 2018

In line with the new Data Privacy and Protection requirements under GDPR regulations, Voltedge Management has published our Privacy Statement, a copy of which can be found on our website.

Privacy Statement

About

We respect your right to privacy and take seriously our responsibilities in relation to the processing of personal data. We do not collect or process personal data unnecessarily.

This privacy statement sets out important information about your rights in relation to the processing of your personal data, and the basis on which any personal data we collect from you, or that you provide to us, will be processed in connection with your use of our website and our services.

Under this policy, we adhere to the principles of the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) in relation to the personal data you provide to us.

What information do we collect about you?

We collect information about you when you instruct us to provide advice; visit our website; subscribe to our newsletters or to receive our publications; apply for employment with us; attend one of our seminars; and engage in business dealings with us.

The information you give us during your dealings with us may include:

  • Identity Data: your full name, address, e-mail address, phone number, age, identification, title and personal description.
  • Financial Data: your financial information, including bank account details, billing contact email address and VAT number.

The information we automatically collect about you:

When you visit our website, a record of your visit is made. That data is used completely anonymously, to determine the number of people who visit our website and the most frequently used sections of the site. This enables us to continually update and refine the site. If you use any forms on the website to send an email to us, a record will also be made of your email address and your telephone number.

No special categories of personal data

We do not require or collect any personal data that is your sensitive personal data or any special category of personal data under the GDPR, unless you decide to provide this information to us.

Cookies

We do not currently use Cookies on our website.

Where is the information stored?

We store information in several different ways. Some may be physical, in which case it is stored securely in access-controlled areas within our offices; some is electronic, in which case we utilise the services of cloud server providers, which are currently based within the EEA.

We endeavour to ensure these providers comply with the regulations and best practices of Data Protection and Privacy.

How will we use the information about you?

We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interest (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

We have set out below, in table format, a description of the ways we utilise your personal data and the legal basis for doing so. We have also identified our legitimate interests where appropriate:

| Purpose/Activity | Legal basis for processing |
| --- | --- |
| To respond to your queries and to provide you with the information you request from us in relation to our Services. | Necessary for our legitimate interests (to respond to new or existing customer queries and grow our business); Performance of a contract with you; Necessary to comply with a legal obligation |
| To provide our Services to you. | Necessary for our legitimate interests (to respond to new or existing customer queries and grow our business); Performance of a contract with you; Necessary to comply with a legal obligation |
| To manage payments, fees and charges and to collect and recover money owed to us. | Performance of a contract with you; Necessary for our legitimate interests (to recover debts due to us); Necessary to comply with a legal obligation |
| To manage our relationship with you, including notifying you about changes to our Services or our Privacy Policy. | Performance of a contract; Necessary to comply with a legal obligation; Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services) |
| To provide you with information about services we offer that are like those that you have enquired about. | Necessary for our legitimate interests (to develop our products or Services and grow our business) |
| Where you have given us your consent to do so, to provide you with information about other services we feel may interest you. | Consent |
| To ensure that content is presented in the most effective manner for you and for your computer or device. | Necessary for our legitimate interests (to keep our Site and the Services updated and relevant and to develop and grow our business) |
| To administer and protect our business, our Site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. | Necessary for our legitimate interests (for running our business and as part of our efforts to keep our Site and the Services safe and secure) |
| To use data analytics to improve or optimise our Site, marketing, customer relationships and experiences. | Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site and the Services updated and relevant, to develop and grow our business and inform our marketing strategy) |
| To measure or understand the effectiveness of advertising we serve to you and others, and, where applicable, to deliver relevant advertising to you. | Necessary for our legitimate interests (to study how customers use our products or Services, to develop them, to grow our business and to inform our marketing strategy) |

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at compliance@voltedge.ie. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with this Policy, where this is required or permitted by law.

How long we keep your information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that the period for which we store your personal data may depend on the type of data we hold. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For more information about our data retention policies please contact us at compliance@voltedge.ie.

Will we disclose your data?

We do not sell your personal information to third parties for marketing purposes. We may disclose information to third parties if you consent to us doing so as well as in the following circumstances:

You agree that we have the right to share your personal information with the following recipients or categories of recipients:

  • Any department or authorised person within our company.
  • Selected third parties including:
    • business partners, suppliers and sub-contractors for the performance of any contract we enter with them or you in relation to our Services;
    • analytics and search engine providers that assist us in the improvement and optimisation of our Site;

We will disclose your personal information to third-party recipients:

  • in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of our business or assets.
  • if Voltedge or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • if we are under a duty to disclose or share your personal data in order to comply with any law, legal obligation or court order, or in order to enforce rights under the GDPR or other agreements.
  • to protect our rights, property or safety, our customers, or others. This includes exchanging information with other companies and organisations for the maintenance and security of the Site and Services.

International Transfers

Personal Data may be transferred to our trusted partners and service providers who maintain their servers outside of the European Economic Area (“EEA”), where the privacy and data protection laws may not be as protective as those in your jurisdiction. This is only for the purposes of providing, and to the extent necessary to provide our Services to you. There are special requirements set out under Chapter V of the GDPR (with which we would comply) to regulate such data transfers and ensure that adequate security measures are in place to safeguard and maintain the integrity of your personal data on transfer.
For more information about this and the safeguards in place relating to the transfer, please contact us by email at compliance@voltedge.ie.

Security Measures

We take our Data Security responsibilities seriously, employing the most appropriate physical and technical measures necessary, including staff awareness and training on Data Awareness and Privacy. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Although we endeavour to safeguard your personal data, we cannot guarantee the security of data transmitted to us by means of email, or any such transmission of electronic data. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your Personal Data and your Rights

Accessing your Personal Data

Under Article 15 of the GDPR you have a right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email compliance@voltedge.ie or write to Voltedge Management Limited, Suite 9, The Old Station House, 15a Main Street, Blackrock, Co. Dublin. We will need to verify your identity and may request more information or clarifications from you to help us locate and provide you with the personal data requested.

Other Data Subject Rights

In compliance with the GDPR we will respond to requests from Data Subjects in relation to the following rights:

  • The right to rectification (Article 16 & 19 of the GDPR)
  • The right to erasure / the right to be forgotten (Article 17 & 19 of the GDPR)
  • The right to data portability (Article 20 of the GDPR)
  • The right to object (Article 21 of the GDPR)
  • The right of restriction (Article 18 of the GDPR)
  • Rights in relation to automated decision making, including profiling (Article 22 of the GDPR)

The rights listed above are personal rights and are exercisable only by the individual person (or data subject) concerned. To exercise any of these rights, at any time, please email compliance@voltedge.ie.

Marketing Communications

We will not use your data to send marketing communications to you about promotions, competitions, updates and new products or services that may be of interest to you, unless we have your permission to do so.

Your right to amend or object.
You have the right to amend or object to the processing of your personal data for our marketing purposes. To amend or object, or if you change your mind at any later time, you can withdraw your consent to the processing of your personal data for such marketing purposes by contacting us at compliance@voltedge.ie. You may also opt out of receiving marketing communications at any time by selecting the unsubscribe option when you receive an electronic marketing communication from us. The withdrawal of your consent will not impact upon the lawfulness of processing based on your consent prior to the withdrawal.

Other Websites

Our website may contain links to other sites and any external links will be identifiable as such. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policy.

Changes to this Statement

Please review the website regularly as this statement may change from time to time.

Questions or Complaints

If you have any questions about our privacy statement or information we hold about you, please contact:

Voltedge Management Limited
Suite 9,
The Old Station House,
15a Main Street,
Blackrock,
County Dublin.

T: +353 (0)1 525 2914
E: compliance@voltedge.ie

We are committed to complying with the terms of the GDPR and to the processing of personal data in a fair, lawful and transparent manner. If, however, you believe that we have not complied with our obligations under the GDPR, you have the right to lodge a complaint with the Office of the Data Protection Commissioner.

Prepare for GDPR Requirements

Monday, May 21st, 2018

With only days to go before the GDPR implementation date, we are seeing an increase in demand for HR Consultancy services. But do these actions offer HR an opportunity to encourage a more protective and open environment for employees to raise data privacy issues?

While there is much speculation and debate on the deterrents of non-compliance with GDPR (particularly the heavy fines which may be incurred), there appears to be little on its opportunities. Will companies use this regulation to create a culture, through their policies, employee handbooks and procedures, which encourages employees to make data breach disclosures? Or will the emphasis be on the consequences of disciplinary action for such a breach, thus creating a culture where breaches remain “hidden” until it is too late to take remedial action?

GDPR requires a fundamental change in how personal data is managed. Data breach reporting is just one example where the increased accountability and transparency requirements of the regulation require employee support in order to be successful.

We are currently working with a number of organisations, from micro businesses of just a handful of employees to SMEs of 100+ employees, assisting them to take the necessary steps on the GDPR compliance journey.

HR has a significant role to play to ensure personal data of their employees is gathered and stored in the correct manner.

We also provide full GDPR Project Management support for companies. Do get in touch with us and we can arrange a scoping meeting. For more information on what action you need to take, contact us on info@voltedge.ie or phone 01 5252914; our GDPR expert team of Project Managers can assist you.

How Can Companies Become GDPR Compliant – In a Nutshell

Monday, April 16th, 2018

With only 6 weeks to go before the GDPR regulations come into force, i.e. on the 25th May 2018, how do companies set about meeting their obligations as employers, suppliers and clients?

Here in Ireland, we have been managing data already through the current EU Data Protection Directive, yet very few companies understand the GDPR requirements or even whether they are data processors or data controllers.

With so much in the news about personal data and data breaches globally in the last few weeks, this question is one all companies are asking themselves. But how do companies know if it will affect them, and what it is they need to do to ensure they are compliant with the regulations?

In summary, here are the six “How” principles of GDPR (Article 5) setting out how personal data shall be processed:

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality

And there are six legal bases for processing data (Article 6), which means businesses must have a lawful reason for processing personal data. To process the data you need to meet one or more of the following legal bases:

  1. Consent
  2. For the performance of a contract
  3. Compliance with a legal obligation
  4. Vital interests
  5. Public interest
  6. Legitimate interests, unless this overrides the individual’s rights and interests

We understand that this is challenging, and the specifics of the new regulations are not easy to get to grips with. At Voltedge Management we have developed a GDPR team, pooling HR expertise, GDPR expertise and Project Management expertise, and have designed a Project Management GDPR Model for employers. We are now in a position to lead out your GDPR Compliance project, identifying the clear, comprehensive steps and milestones you need to take in order to become GDPR compliant.

Give us a call on 01 5252914 or email us on info@voltedge.ie and we’d be delighted to talk to you about how we can help you on your GDPR journey.

 

Voltedge Management

Get your Business and HR Ready for GDPR Compliance

Monday, February 19th, 2018

With the GDPR deadline fast approaching (May 25th 2018) Voltedge Management has been busy developing a full range of GDPR support services for our clients, to ensure compliance from a HR perspective.

  • We have a new Data Protection Policy for handbooks.
  • Updated clauses for employment contracts.
  • Step by step GDPR Guidelines on what to do regarding current employee data and records.

In addition to our HR supports, we also have developed GDPR Compliance Project Management Services, and have trained resources available to lead and coordinate with both internal and external stakeholders to define, plan and drive GDPR across the business to ensure GDPR compliance.

The services will span across the technical and operational functions that need to be addressed including the various systems/platforms, business process and documentation across the organisation. The Project Manager can work alongside existing GDPR teams or develop a GDPR Compliance Road Map if necessary.

With less than 14 weeks to go, don’t delay in getting in touch today with our Operations Manager Ingrid O’Sullivan to discuss this further. Call us on 00353 1 5252914 or email info@voltedge.ie