Introductory Statement The firm's data protection policy is set out below. It explains how personal data on clients, staff and other parties are kept and how the data is protected. It also sets out the circumstances in which this data may be processed.
The firm's data protection policy was formulated upon commencement of the EU General Data Protection Regulation.
Scope The policy applies to the keeping and processing of personal data, both in manual form and on computer, including personal data held on clients and staff and other parties.
Data: means information in a form which can be processed. It includes automated data (information on computer or information recorded with the intention of putting it on computer) and manual data (information that is kept as part of a relevant filing system, or with the intention that it should form part of a relevant filing system).
Relevant filing system: means any set of information that, while not computerised, is structured by reference to individuals, or by reference to criteria relating to individuals, so that specific information relating to a particular individual is readily accessible.
Personal data: means data relating to a living individual who is or can be identified from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the data controller.
Data Controller: A data controller is the individual or legal entity which controls the contents and use of personal data.
Data Processor: A person or entity who processes Personal Data on behalf of a Data Controller on the basis of a formal, written contract, but who is not an employee of the Data Controller, processing such Data in the course of his/her employment.
The policy applies to all of the firm's clients, staff and other parties insofar as the measures under the policy relate to them.
It is necessary to devise a data protection policy at this time as the firm is obliged to comply with the EU General Data Protection Regulation.
The objectives of the data protection policy include the following:
To ensure that the firm complies with the General Data Protection Regulation.
To ensure that the data protection rights of clients, staff and other third parties are safeguarded
Details of all personal data which will be held, the format in which it will be held and the purpose(s) for collecting the data in each case
Staff records: These may include:
Client records: These may include:
Purpose for keeping client records may include:
Other records: These may include:
Purpose for keeping other records may include:
Details of arrangements in place to ensure compliance with the rules of data protection
The policy set out the arrangements in place to ensure that all personal data records held by the firm are obtained, processed, used and retained in accordance with the following rules of data protection (based on Data Protection legislation, including the GDPR):
1.Obtain and process information fairly:
Procedures are in place to ensure that clients, staff members and other parties are made fully aware when they provide personal information of the identity of the persons who are collecting it, the purpose in collecting the data, the persons or categories of persons to whom the data may be disclosed and any other information which is necessary so that processing may be fair
Personal information is processed fairly in accordance with Data Protection legislation, including the GDPR, with consent being obtained from clients, staff members and other parties where required.
Sensitive personal information is processed fairly in accordance with the Data Protection legislation, including the GDPR, with explicit consent being obtained from clients, staff members and other parties, where required.
2. Keep it only for one or more specified, explicit and lawful purposes:
Persons whose data is collected should know the reason(s) why it is collected and kept
The purpose for which the data is collected and kept is a lawful one
3. Use and disclose it only in ways compatible with these purposes:
Data is to be used only in ways consistent with the purpose(s) for which it was obtained
Data should be disclosed only in ways consistent with that purpose
Procedures are in place, which is in accordance with the Data Protection legislation, including the GDPR, to facilitate the transfer of information to another firm should the client transfer,
The circumstances in which personal data will be disclosed to third parties, including the Courts Service, the Gardaí, etc., should be in accordance with the Data Protection legislation, including the GDPR.
4. Keep it safe and secure:
5. Keep it accurate, complete and up-to-date:
6. Ensure that it is adequate, relevant and not excessive:
7. Retain it for no longer than is necessary for the purpose or purposes:
8. Give a copy of his/her personal data to that individual on request
On making an access request any individual (subject to any restrictions in law, the Data Protection legislation, including the GDPR) about whom you keep personal data, is entitled to: