Johnson Hana

This Practice Note is intended for private sector commercial organisations in Ireland. It provides practical guidance on how to handle data subject access requests (DSARs) under the EU General Data Protection Regulation (EU GDPR). It explains some common features of DSARs and the issues that can arise when handling such requests. This Practice Note also considers compliance strategies to best equip your organisation to manage the process.

This Precedent data breach panic sheet gives tips for an Irish organisation on what to do and what not to do in the immediate aftermath (first 24 hours) of a personal data security breach. A personal data breach may arise from a cybersecurity breach or other type of incident. This data breach panic sheet takes into account data breach notification requirements in the EU General Data Protection Regulation (EU GDPR) and relevant guidance from the Data Protection Commission (DPC).

This Precedent Personal data breach plan can be used by Irish organisations to inform their staff and managers of the actions to take on discovering a personal data breach (including a cybersecurity breach). It reflects reporting requirements in the EU General Data Protection Regulation (EU GDPR) and takes into account relevant guidance from the Data Protection Commission (DPO). It incorporates a process for dealing with actual or suspected personal data breaches. A personal data breach plan may also be known as a data breach policy. This Precedent can also be used for cybersecurity breaches that involve the loss of, damage to or unauthorised access to personal data.

This Flowchart sets out a process for evaluating a data subject access request (DSAR) received under the EU General Data Protection Regulation (EU GDPR). It reflects the requirements of the EU GDPR relating to DSARs together with guidance issued by the Data Protection Commission (DPC). It should be read in conjunction with Flowchart: Ireland—Handling data subject requests, which covers requirements common to all data subject requests under the EU GDPR and Practice Note: Ireland—Handling data subject access requests.

This Flowchart sets out a process for handling data subject requests received under the EU General Data Protection Regulation (EU GDPR). It reflects data subject rights under the EU GDPR together with guidance issued by the Data Protection Commissioner (DPC). It maps out a process to follow when you receive a request from a data subject to exercise one of their data subject rights under the EU GDPR, providing guidance and links to relevant precedents and separate detailed flowcharts covering the individual rights. It should be read in conjunction with Practice Note: Ireland—Handling data subject access requests.