FAQsFrequently Asked Questions
Is my business covered by the GDPR?
If you carry out processing activities with personal data partly or wholly by automated means, or if you otherwise deal...
See More InformationHow long should personal data be held to meet the obligations imposed by the GDPR?
Data controllers are obliged to process personal data in accordance with the storage limitation principle, meaning that personal data shall...
See More InformationHow do I make a privacy policy?
A data protection notice (also known as “privacy policy”) is an accountability tool that helps a data controller demonstrate that...
See More InformationWhat security measures should I have in place to protect personal data from unauthorised processing?
The General Data Protection Regulation (GDPR) requires that appropriate security measures be put in place which take account of the...
See More InformationWhat do I do if there is a security breach?
A personal data breach under the General Data Protection Regulation (GDPR) is ‘a breach of security leading to the accidental...
See More InformationWhat should be contained in a contract between a data controller and a data processor?
Sometimes, an organisation will need to engage the services of a sub-contractor or agent to process personal data on its...
See More InformationCan I use a "cloud" service to process my data?
If you decide to employ an external cloud service provider (the provider), for example, in order to upload and store...
See More InformationWhere can I get further information on data protection for organisations?
The Data Protection Commission (DPC) has a designated section on its website which provides additional data protection information and resources...
See More Information