Data Protection Regulation

General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. It is designed to harmonize data privacy laws across Europe, in an increasingly data driven world. The aim is to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

Summary of Key Changes

Increased Territorial Scope (extra-territorial applicability)

The biggest change to the regulatory landscape of data privacy comes with the extended jurisdiction of the GDPR.  Applicable to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. It applies to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not. The GDPR will also apply to the processing of personal data of data subjects in the EU by a controller or processor not established in the EU, where the activities relate to: offering goods or services to EU citizens (irrespective of whether payment is required) and the monitoring of behaviour that takes place within the EU. Non-Eu businesses processing the data of EU citizens will also have to appoint a representative in the EU.

Penalties

Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement. Enforcement date: 25th May 2018

Consent

Conditions for consent have been strengthened. The request for consent must be given in an intelligible and easily accessible form (clear plain language), with the purpose for data processing attached to that consent. C It must be as easy to withdraw consent as it is to give it.​

Further Information at EUGDPR.ORG and www.dataprotection.ie

Read the Data Protection Commissioners Guide to help your business to be prepared

Our Commitment to Managing Your Data 

Dublin City Council is the data controller of the personal data your provide in your application.  The Data Protection Officer and can be contacted at Civic Offices, Wood Quay, Dublin 8; by email at dataprotection@dublincity.ie and by phone on 01 2223775.

The purpose for processing your data is process your application for services/supports via the Local Enterprise Office Dublin City. Relevant data will be shared with relevant parties on a business needs only basis. These parties are Local Enterprise Office Dublin Cities Evaluation Committee, The Economic and Enterprise Strategic Policy Committee, Enterprise Ireland, the Minister or a European Union auditor/inspector upon request.  

Personal data submitted to Local Enterprise Office Dublin City during the period 2006 – 2013, will be retained until 2020. Personal data submitted to Local Enterprise Office Dublin City during the period 2014 – 2020, will be retained until 2027.

If you do not furnish the personal data requested Local Enterprise Office/DCC will not be able to process your application for supports/services via Local Enterprise Office Dublin City. 

You have the following rights, in certain circumstances and subject to applicable exemptions, in relation to your personal data:

  • the right to access the personal data that we hold about you, together with other information about our processing of that personal data;
  • the right to require us to rectify any inaccuracies in your personal data;
  • the right to require us to erase your personal data;
  • the right to request that we no longer process your personal data for particular purposes;
  • the right to object to our use of your personal data or the way in which we process it;

Please note that to help protect your privacy, we take steps to verify your identity before granting access to personal data.

If you would like to exercise any of these rights, please submit a request to our Data Protection Officer outlining the specific details of the request:

Email: dataprotection@dublincity.ie  Tel: 01 2223775.  All valid requests will be processed without undue delay and in any event within one month of receipt of the request.  This period may be extended by up to two further months where necessary. Further information on Dublin City Council's privacy statement here 

The Local Enterprise Office is committed to its transparency obligations under the General Data Protection Regulation (GDPR). Our data protection notice, for personal data that is supplied to us by our clients is available at www.localenterprise.ie/legal . This notice contains important information about how we process personal data that is supplied to us by clients. We request that you read the notice carefully and that you ensure that it is made available to any data subjects (e.g. your employees) whose personal data you provide to us.

By accepting our Terms and Conditions you confirm that: (a) you have complied with your own data protection obligations in respect of the personal data that you supply to us and that you are entitled to disclose such personal data to us; and (b) you will ensure that a copy of our data protection notice (is sent to data subjects (e.g. your employees) whose personal data you provide to us.

 

Share: