EU - GDPR

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don't specifically market goods or services to EU residents.


Approach to EUGDPR

GDPR compliance requires board-level support. It’s therefore essential that the board understands the implications of the Regulation – both positive and negative – so that they can allocate the resources needed to achieve and maintain compliance.

What the CISO needs to do

Advise the board about data protection risks and the benefits of GDPR compliance.

Obtain management support for your GDPR compliance project.

Assign accountability for GDPR compliance to a director.

How GDPR Works

01. Scope and plan your GDPR compliance project
02. Conduct a data inventory and data flow audit
03. Undertake a comprehensive risk assessment
04. Conduct a detailed gap analysis
05. Develop operational policies, procedures and processes for PII & SPII Information
06. Secure personal data through procedural and technical measures
07. Improve privacy-related internal procedures
08. Appoint a Data Protection Officer
09. Ensure teams are trained and competent
10. Monitor and audit compliance
11. Implement and Achieve GDPR compliance
12. Continual Improvement, Monitoring and Tracking

Highest Success Rate

Awareness of Data Protection Authorities

57% of Europeans know that there is a public authority in their country responsible for protecting their rights about personal data

20% know which public authority is responsible

Awareness of GDPR

67% of Europeans have heard of the GDPR

GDPR compared to the Data Protection Directive

Standardization: The Data Protection Directive’s biggest weakness was the fact that it was a directive, meaning that it could only set minimum legal standards for EU states. This meant that EU states had to create their own data protection laws, and resulted in a wide variety of data protection laws across Europe with little standardization. GDPR is designed to solve this problem: as a regulation, GDPR imposes a uniform law on all EU member states without needing state legislation to pass. The result of this consistent rule is standardization across the EU, making the regulatory environment simpler for international businesses.

Control: One of the primary goals of the GDPR is to give control of personal data back to citizens and residents of the EU. This is reflected by requirements that subjects give consent before data is processed, that collected data is anonymized and safely handled when transferred, and that breaches are handled with the utmost urgency and care. The regulation also applies strict rules to the export of personal data to entities outside of the EU and requires certain types of companies to appoint data protection officers for overseeing GDPR compliance within their organizations.

How do we differ?

01 Briskinfosec provides a unique way to implement EU GDPR for valued customers

Maintaining compliance with the new GDPR laws will take a great deal of work and development, especially if your company doesn’t already have extensive security and monitoring systems in place. Between the monitoring requirements and the staffing and contact needs involved in maintaining GDPR compliance, your company needs a system that will help balance it all. Briskinfosec can help with a GDPR compliant Cloud SOC.

Advanced architecture designed to help businesses minimize their risks and manage their compliance with regulatory entities like GDPR while still maintaining business continuity

Multi-tenancy support helps your company store customer data and accounts, protecting the integrity of their personal information

The GDPR compliant network monitoring system provides real-time attack visualization, which helps identify attacks and breaches as they happen, using rules-based, vulnerability, statistical and historical correlations to alert you immediately and identify crucial attack information for reporting

Vulnerability correlation software integrates all the data from your detection systems, identifying and eliminating false positives so that your team is free to focus on actual threats

Sophisticated reporting tools to help put together reports for GDPR audits, as well as other regulatory entities like ISO, PCI, HIPAA and SOX

02 To whom GDPR applies

As an EU regulation, GDPR is designed to protect the personal data of data subjects residing in the EU. Specifically, Article 3 of the GDPR states that it applies to the processing of personal data of citizens and residents of the EU, even if the processor isn’t established in the EU. Practically, this Article of the GDPR means that these Regulations apply to any company marketing goods or services to EU residents and citizens. These include:

EU States:

Government entities that handle the personal data of citizens and residents of the EU are as much subject to GDPR rules as any company.

EU Companies:

EU companies, since they are both located within the EU and handle transactional and personal data of EU citizens and residents, are expected to comply with GDPR.

Global Companies:

Any company that markets goods and services to EU states and completes transactions with EU citizens and residents is also expected to maintain GDPR compliance, regardless of where the corporation is located. Even if it has no staff or equipment located in the EU, if its marketing efforts extend to the EU or it uses personal data to track the behavior of EU citizens, it is subject to GDPR rules.


Additional details

Get more answers to your questions in our Learning Services FAQ

  • Data protection legislation consists of laws that aim to protect the rights to privacy of individuals (all of us). These laws matter as they try to make sure that our personal information is used correctly by anyone that has it or collects it.
  • People who keep personal information are called data controllers. The Adoption Authority is a data controller and we protect your information and that of others. We can only share information about you with you.

  • GDPR stands for General Data Protection Regulation. It is European Union legislation and has been in place since 25 May 2018. GDPR matters as it sets out the ways in which the privacy rights of every European Union citizen must be protected and the ways in which a person’s personal data (information) can and cannot be used. The Adoption Authority must follow the GDPR requirements around the personal information that we can and cannot share.

  • Personal information is any information that can be used to identify a living person. Examples of personal information are:
  • A name
  • Date of birth
  • Address
  • Phone number
  • Email address
  • Personal Public Service (PPS) number
  • Photos
  • Internet Protocol address
  • These are all protected by law.

  • Not necessarily. Data protection requests are part of a very rigid process and must follow a particular format. This means the information you can get from a formal subject access request (SAR or data protection request) can be quite limited in what you are entitled to receive by law. You may be disappointed or surprised because you might not get information you already have through another source. Sometimes a simple informal request can help you more.

  • Unfortunately, the answer to this is no. The laws governing the Data Protection Act refer to a “Living Individual” only, so information about a deceased person is not covered.
  • GDPR will only make your personal data available to you. This means information about a person other than you:
  • Is not available to you under GDPR, and
  • Will not be given to you under GDPR.

  • By law, you have to give us proof of your identity to protect people’s personal information. We cannot provide information to any individual until they provide proof that they are who they say they are. If we did not ask for proof of your identity, then any member of the public could pretend to be you and could be given your personal information.

  • We accept most photographic and legal documents as proof of identity. Before we can give you the personal information we might have, we need a copy of one of the following of your personal items:
  • Current Irish driving licence
  • National Age Card
  • Passport
  • Public Service Card
  • Important: The copy of the identification you use should be verified (stamped). This means that before you send us a copy of your identification, you need to get the copy stamped by:
  • your local Garda or police station (free), or
  • a solicitor or commissioner for oaths if preferred. (There may be a fee in these instances.)
  • When we get this verified copy of your identity, we can start to work on your specific request for data. We can’t start working on a request without having formally confirmed your identity.
  • I don’t have any of the above identification
  • Do not worry if you do not have any of the items above. You can call to your local Garda station with a recent photograph and they will help you complete a form called ML10. We can accept this form as proof of identity when you send it to us.

  • A birth certificate contains the personal data of people other than you. If provided to you, it would identify another person or people without their prior consent.

  • Sometimes we have to redact parts of documents. Redact means black them out like this . We do this as these blackened parts are private or cannot be legally shared due to reasons like confidentiality concerns. If a document refers to someone other than you, any information which would identify them, we must legally protect.
  • Similarly, if another person asked us for documents that mentioned you we would black out (redact) the references to you to protect your personal information.

  • ‘Third parties’ is a term that you might hear when we reply to your request for information. It is important that you know what it means. ‘Third party’ is a term used to refer to individuals other than you personally. We work hard to get you the documents you are legally entitled to. Sometimes, we are not legally allowed to release documents that contain ‘third party information’ to you.
  • For example, on an adoption file there can often be the marriage certificate of the adoptive parents, or references from doctors, employers or Gardaí on behalf of the adoptive parents. These documents do not have your personal information. They have third-party information, so we cannot share them with you. Third party information is protected by law and we would be breaking the law if we shared such information with you.

  • By law, once we have stamped (verified) ID for you, we have 30 days to get the information to you. But if your information is complex, we may extend the timeline for a further two months. We will write to you if this longer time period applies to you so you will know to expect it.

  • For adoption-related personal information: Unfortunately, you cannot get personal information under the Freedom of Information (FOI) Act from the Authority if it relates to the making of an adoption order.
  • [The Adoption Authority is referred to in the Freedom of Information Act. The Act lists the Authority as a “Partially Included Agency” and this means that adoption-related files are exempt – not covered – as part of FOI requests.]
  • For other information: People can get other information we may hold about them on other types of records under FOI. For example, a person who attended an interview for a job with us may request under FOI feedback on their performance.

  • Yes, in some situations you can correct information about you that is incorrect. [We can do this; it is called “a right to rectification” under GDPR.] We can advise you as to how to do this if you tell us what has been recorded incorrectly.
  • Correcting some information (like factual information) may mean that documents have to be amended by the organization who gave us the information in the first instance. This may take some time as there are legal procedures to follow. However, we can correct simple mistakes such as misspellings or a typing error.
  • How to get us to correct incorrect information: To get the correction made, please write to us with the correction you want. The correction might be to:
  • Update an address
  • Telephone number
  • Correct the spelling of your name
  • What happens when we can’t correct information?
  • Sometimes we are not able to make corrections. For example, if the spelling mistake or the date of birth is on an official document which we hold, we may not be able to make the correction for you. If this is the case, we will tell you this and tell you how you can get the official document corrected if necessary.

  • It depends. While there is a right under GDPR called “the right to be forgotten”, it is not an absolute right as there are some records which cannot be erased because they must be kept by law (that is under The Adoption Act 2010). For example, the record of an adoption order is a legal record and must be kept for that reason.
  • The Adoption Authority has to keep much of the data we have about you as it is part of a legal process. We will review the data we hold when we receive a request to erase information. We will do this to see if any of the data we hold about you may be erased. One of our staff will write to you after this to tell you this has been done or why other data cannot be erased.
