What is GDPR?
General Data Protection Regulation (GDPR) is European legislation that came into effect across all of the EU Member States on 25 May 2018.
What does GDPR do?
GDPR protects the privacy rights of individuals; places obligations on all organisations to safeguard individuals’ personal data that they collect, use and store; and, gives people more rights and protection about how their personal data is being used.
What is personal data?
Personal data is information about a living individual which is capable of identifying them. A living individual is also referred to as a ‘data subject’. Personal data includes names, addresses, date of birth, PPS/NIN number, email addresses, Income and other factors specific to the identity of an individual.
GDPR covers all personal data (electronic and physical personal data). This includes physical files, emails, images or recordings of individuals etc
What should your website say about GDPR and Privacy?
There should first be a statement about who you are and what your registered Charity Number is and where your permanent address is. There should then be a privacy statement to demonstrate your commitment to protecting and respecting each person’s data.
The privacy statement should go on to explain how data is gathered,used, processed under the following headings/FAQs:
This Privacy Statement explains how we process information, in particular the personal data that we receive from you. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.
What information do we collect about you?
Processing of personal information
What do we use your information for?
How who do we share your information?
Where do we store your information?
How long do we retain your information?
How do we keep your information safe and accurate?
What are your rights?
You have many rights under Irish Data Protection legislation with regard to the processing of your data.
Right of Access – You have the right to access information we hold on you.
Right of Correction – you have the right to have any inaccurate or incomplete data rectified by us.
Right of Erasure – In certain circumstance you can request the erasure of the data we hold on you i.e. the right to be forgotten.
Right to Restriction of Processing – Where certain conditions apply, you have the right to restrict processing of your personal data.
Right of Portability – Subject to certain circumstances, you have the right to have any data we hold on you transferred to another organisation where we hold it in electronic form.
Right to Object – You have the right to object to certain types of data processing.
The Right to Lodge a Complaint with the Data Protection Commission.
Further Information on GDPR
For specific queries on GDPR please refer to the person with responsibility and competence in this area in your diocese.
Further general information on data privacy rights please see the website of the Data Protection Commissioner www.dataprotection.ie