DATA PROTECTION & FOI
We provide data protection legal advice, training and consulting services in a results-focused manner. We specialise in data protection projects and work with state bodies, private companies and multinationals to deliver cost-effective, practical and commercially-focused data protection solutions.
Having a strong data protection programme in place makes good business sense as it will lower your risk from cyber-attacks, insider threats, disgruntled employees, or data subjects. It may also reduce the number of complaints to the Data Protection Commission. Our team members are passionate about privacy. We will help you to build a culture of compliance within your organisation and to demonstrate accountability.
We offer a full suite of data protection services including:
DATA COMPLIANCE ASSESSMENTS
Before you can design a privacy programme, you need to understand where you currently stand in terms of compliance. We can work with your team to assess current compliance levels in your organisation and provide a clear report setting out the steps you should take and highlighting any risks. We can help you draft your privacy project plan and assist with data inventories and data mapping to assess where your data resides in your organisation.
DATA PROTECTION OFFICER (DPO) SUPPORT SERVICES
GDPR requires certain organisations to appoint a DPO. We can provide expert advice on whether you need a DPO and help in the selection process. We can also provide DPO support services, mentoring and training to your DPO. We can provide your DPO with access to a dedicated and experienced Colleary and Company team member who will provide speedy advice and can assist with day-to-day DPO queries. We can also help with specific projects, for example the roll-out of a new product which requires a Data Protection Impact Assessment or dealing with a backlog of subject access requests. We can also act as an interim DPO when an in-house DPO is on leave or if there is a short-term vacancy.
DRAFTING POLICIES & PROTOCOLS
Being accountable is one of the fundamental data protection requirements under GDPR. One of the first steps towards achieving this is having appropriate policies, procedures and protocols in place. We provide a full policy review and drafting service, including drafting full sets of documents or reviewing and improving current data protection policies, procedures and protocols.
We help clients prepare for and respond to data breaches. Whether it is a minor breach or a major security issue, we can help your team make the decisions on notifications and representation before the Data Protection Commission.
DATA PROTECTION COMMISSION (DPC) REPRESENTATION
The DPC has had its budget quadrupled over the past few years. This has led to an increase in investigations and audits. We represent clients when the DPC carries out an investigation or audit. We can help respond to DPC questionnaires and meet with them on your behalf. We also act for clients in appeals from DPC decisions.
EMPLOYER RELATED ISSUES
As an employer, you collect employee personal data in your business. This means that you must comply with data protection laws. We can provide support for your HR team, helping them to understand data protection compliance and implement appropriate procedures. We help HR teams with issues such as background checks, Garda vetting, staff-monitoring, retention of CVs, dealing with sick certificates and handling data subject access requests.
DATA PROTECTION IMPACT ASSESSMENTS (DPIAs)
We help clients create efficient processes relating to DPIAs. We can also provide DPIA training and advice. We can provide templates covering how to carry out a DPIA, including an evaluation of the proposed processing, identification of risks and an outline of the measures to be taken to mitigate those risks.
PRIVACY BY DESIGN & PRIVACY BY DEFAULT
We can help your team incorporate privacy by design requirements at each stage of a project and help them understand the requirements of Privacy by Default.
OUTSOURCED DATA SUBJECT ACCESS REQUIREMENTS
People (data subjects) have a right of access to their personal data. We provide a completely outsourced service to help your organisation deal with Data Subject Access Requests (DSARs). We can manage every aspect of your DSAR procedure, from the initial request to the final delivery of documents to the data subject.
When personal data is transferred outside the EEA, certain measures must be taken. We provide advice about how to lawfully transfer personal data, including for intra-group transfers or outsourcing arrangements, and the various international transfer mechanisms now available.
Even when data is transferred within the EEA, organisations need to ensure that they work with appropriate service providers and that the relevant data protection requirements are met. We work with organisations to develop procedures to help manage service providers who have access to personal data. We can create processes, draft pre-selection questionnaires, advise on data protection requirements and draft data processing agreements.
OUR SPECIALIST AREAS
DPO Support Services
Training
Privacy Notices (inward and outward facing)
FOI and Data Protection Workflows, Processes and Procedures
Cyber Security Policies
Data Transfer Schemes (inside and outside the EEA) via BCRs, Model Clauses and Privacy Shield
Assessing compliance of notifications and processing activity
Data Subject Access and FOI Requests
Acting in Appeals and Investigations: Information Commissioner and Data Protection Commissioner
Managing Registrations with the Data Protection Commissioner