Under GDPR the potential fines have increased from a maximum of £500,000 to €20 million or 4% of global annual turnover (whichever is the higher).
Under Article 39 of GDPR it is one of the responsibilities of the data protection officer to “monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits”.
The ICO has stated that to demonstrate compliance “you must implement appropriate technical and organisational measures that ensure and demonstrate that you comply. This may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies”.
With the implementation of GDPR it is more important than ever to ensure that your policies and procedures are up to date and your staff are trained on the requirements of data protection legislation. We are here to guide you through this process.
Michael Black was recently involved in dealing with the Information Commissioner’s Office on behalf of a Subject Access Request issued to a school. This request covered both DPA and FOI issues.
Aisling Byrne has advised a number of clients on FOI and DPA issues and, along with Michael Black, has also provided training on these areas.