The Data Protection Commission (DPC) has a designated section on its website which provides additional data protection information and resources for organisations.

If you decide to employ an external cloud service provider (the provider), for example, in order to upload and store documents, photos, videos, and other files on a remote server (a “cloud service”), your relationship with the provider could be one of joint controllership, a controller-processor relationship or both.

Sometimes, an organisation will need to engage the services of a sub-contractor or agent to process personal data on its behalf.  Such an agent is termed a 'data processor' under data protection law. For example, a company may wish to engage the services of a payroll company to deal with their payroll issues. The employer is the data controller and the payroll company is the data processor.

A personal data breach under the General Data Protection Regulation (GDPR) is ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed’.

Data controllers are therefore required to have in place appropriate security measures to prevent both internal and external unauthorised access to personal data that is under their control.

Under Section 169 of the Companies Act 2014, as amended, every company is required to keep a register of the company's members containing details of, amongst other things, the names and addresses of each member. The Act provides that an Owners’ Management Company (OMC) must keep a register of its members, which must be made available by the company for inspection without charge. In addition, Section 216 (11) Companies Act 2014 provides that a member may request a copy or a copy of any part of the members' register.